Report - pezaurwebut.de/2636705f-9850-4fa0-930b-66e2cb6b3024

Report Overview

Submitted URL
pezaurwebut.de/2636705f-9850-4fa0-930b-66e2cb6b3024
IP
164.90.253.124
ASN
#14061 DIGITALOCEAN-ASN
Submitted
2024-04-26 07:07:04
Access
public
Website Title
1xBet registration ᐉ Sign up 1xBet ᐉ 1xlite-660473.top
Final URL
1xlite-660473.top/en/registration?type=fast
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
82

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
pezaurwebut.de	unknown	unknown	2024-03-25	2024-04-18	505 B	306 B	164.90.253.124
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-04-26	861 B	169 kB	142.250.74.168
widget.suphelper.top	unknown	2023-08-02	2023-10-04	2024-04-18	7.2 kB	2.7 MB	104.18.39.72
refpamjeql.top	73932	2019-08-22	2019-08-22	2024-03-03	581 B	646 kB	45.135.120.31
region1.analytics.google.com	unknown	1997-09-15	2022-03-17	2024-04-24	4.0 kB	1.7 kB	216.239.34.36
www.google.no	25607	2001-02-26	2016-04-05	2024-04-25	582 B	580 B	142.250.74.163
e1.o.lencr.org	6159	2020-06-29	2021-08-20	2024-04-24	326 B	729 B	23.36.76.226
1xlite-660473.top	unknown	2023-08-11	2024-02-06	2024-03-26	52 kB	879 kB	178.253.29.47
v3.traincdn.com	unknown	2022-11-10	2022-11-25	2024-04-14	24 kB	1.7 MB	185.244.209.62
radar.cedexis.com	3035	2009-01-07	2013-11-27	2024-04-23	824 B	1.3 kB	45.54.49.5

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed
2024-04-26	medium	1xlite-660473.top	Sinkholed

ThreatFox

No alerts detected

JavaScript (56)

	URL	Size	First Seen	Last Seen
	v3.traincdn.com/_nuxt/desktop/default/vendors/app-3a0481ca.js	966 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/app-3a0481ca.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:06 Last Seen2024-04-26 10:36:34 Times Seen9 Hash 47ed64bc46475959fb808f6ad315b17a 6458a90607fec951440547e5da3ece80345a79b3 6e6e1c838342b6cc15d98b2024a13f8f1e39dec2338a15bf9b04c1d73c9650c4 Loading...

	www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66	318 kB	2024-04-26	2024-04-26
Pretty URL www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 09:07:10 Last Seen2024-04-26 09:07:12 Times Seen2 Hash 2aa0c02d68ac2efefc1ba6cb9d7dbe8f c07aebe8704c08b603d8c64317ef9dc949eaf33f a68703a6e32f90df7b34629e53d7790f07bb476699ff1207afec13084f304917 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Registration-00e8e065.js	6.4 kB	2024-04-26	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Registration-00e8e065.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 09:07:10 Last Seen2024-04-26 09:07:11 Times Seen2 Hash da5b79a3a4ab3ea57ddc576a3469f0f4 4e7eca402d4c7ac98fe78c2b873bf868c7a3d18f 7abd9783b6c2d8f41f91ee5b400118ac624f5f0da8f1b665fef64da4850ad96a Loading...

	widget.suphelper.top/injector.js	208 kB	2023-12-17	2024-05-05
Pretty URL widget.suphelper.top/injector.js IP 104.18.39.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-17 15:23:16 Last Seen2024-05-05 05:13:50 Times Seen929 Hash faa1c0b5a845868ac1a8071b6b87d458 71034e9bb2726a20b2afa197ff4e1b52c2ab976b d7585c13a4abd3b295a15b2bce2b2d7121a697f42ea85f89f40624ac26b075d0 Loading...

	widget.suphelper.top/_next/static/chunks/main-fa1d3b21fd97b583.js	108 kB	2023-11-02	2024-05-05
Pretty URL widget.suphelper.top/_next/static/chunks/main-fa1d3b21fd97b583.js IP 104.18.39.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-02 21:20:57 Last Seen2024-05-05 05:13:54 Times Seen2366 Hash 83680ce862de40c43fc92e04b1ad0a3d 67eb6762545f4e1fee446794f4738d0f0577b6b4 e70f39978f08895aef6849daf891af65bff03e476eb9b1384dfb36cd4ac9fe75 Loading...

	1xlite-660473.top/polyfills.js	0 B	2023-03-07	2024-05-06
Pretty URL 1xlite-660473.top/polyfills.js IP 178.253.29.47 ASN #202492 Silverhill Group Holding Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-06 21:19:31 Times Seen37383989 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	data:text/javascript,export const meta = import.meta;	32 B	2023-12-06	2024-05-04
Pretty URL data:text/javascript,export const meta = import.meta; IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-06 14:32:28 Last Seen2024-05-04 07:42:12 Times Seen881 Hash 6d772b7d405b447ecee54ab61cdd5108 dd65fb9cd5a7cb94a40fe161f4f72303a61eb3b7 b90ff694e492935b6036fb7e878d365dab51aafa46f0afb1e33414e7ecc3307b Loading...

	www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V	173 kB	2024-04-26	2024-04-26
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 09:07:10 Last Seen2024-04-26 09:07:12 Times Seen2 Hash 6b5cf3c4b7056b425a867a368c7bc4ed bb2542f27558709c9da6f69fc3daf620f423a022 9c89fd77c4c3949b3c2d5935a035f143819b7c2ba373b7230bc16abe989d948b Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/conversion-c1b13bbc.js	199 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/conversion-c1b13bbc.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:07 Last Seen2024-04-26 10:36:30 Times Seen8 Hash 770cae056135fc518ad14933ba614b1f 210efe80b13338caa77279c4f9f89359f5537baa a42fa9336cfcae84bf3d7e45164a21b51b754fcdb2ed97824d183698b3d7ed20 Loading...

	1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push	522 B	2024-04-26	2024-04-26
Pretty URL 1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push IP 178.253.29.47 ASN #202492 Silverhill Group Holding Ltd Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-26 09:07:10 Last Seen2024-04-26 09:07:10 Times Seen1 Hash 9079571120314a97efd05d19d14dd70f 520b8a3687121a41487b85ccc417d6c8b5aa4a03 509510f48dabb7e2179c4f6fb1db3d4f628f36a9b729df16fdc177b2e0dcf026 Loading...

	v3.traincdn.com/_nuxt/check-ob.js	211 B	2024-04-24	2024-05-04
Pretty URL v3.traincdn.com/_nuxt/check-ob.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:10 Last Seen2024-05-04 07:42:13 Times Seen88 Hash ced67278c38d1ce1297c121af69fff8a df6e1531fd84d956263b04254e6f94f5356623f4 2958134c3c00f7c6320858dd66e454c2856e4842821d3523c4cc5e44e1ec8616 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-js-modal-b4e5c536.js	27 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-js-modal-b4e5c536.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:09 Last Seen2024-04-26 10:36:34 Times Seen10 Hash d6c0749abfe6ac3fa12439f8c5280965 9f433c690b68983f71225293938bfbea88e432f1 fe95732bdaefa78507800cbdf5e127902eec74eef86bee6a9bf1eeafc915c26c Loading...

	widget.suphelper.top/_next/static/724286ac/_buildManifest.js	519 B	2024-04-25	2024-05-05
Pretty URL widget.suphelper.top/_next/static/724286ac/_buildManifest.js IP 104.18.39.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 18:56:14 Last Seen2024-05-05 05:13:53 Times Seen46 Hash 06c1d20d74764a4f7dea57ebb09df4d8 d6592eaad86ec7b7bc373774bf911385ea7cf07d 46185c722db3b74c04c371b445abb1da2fa2592059437ee508a23e96c1fdf169 Loading...

	unknown	34 B	2023-04-14	2024-05-05
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26:15 Last Seen2024-05-05 05:13:54 Times Seen851 Hash 7bcdb973ab8af8e24ab11cb554a1ba6e 24e8a10f240f2b06f81d7c173cd0a90606641fc1 916ec4eb9b485eb47f43a17fe212e84e4b72600b45eb6d4588599ad495a57fcd Loading...

	v3.traincdn.com/_nuxt/desktop/default/DC-5812449e.js	2.3 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/DC-5812449e.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:10 Last Seen2024-04-26 10:36:34 Times Seen10 Hash 5fd92d5e19084953d42f6435bf43dbc3 1605b683a815f82e1439bedd7f7acc9bef1d75c1 ad5547e0059467c7711c34a6627570759b87ea738c7659a3f169fe1871eb2dda Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/Page.SiteUpdates/components/userControl.auth_form_extended/modal.RegistrationSucc/62f29d8c-d6b6dd06.js	19 kB	2024-04-26	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/Page.SiteUpdates/components/userControl.auth_form_extended/modal.RegistrationSucc/62f29d8c-d6b6dd06.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 09:07:10 Last Seen2024-04-26 09:07:12 Times Seen2 Hash 176b10b8e19b1550af7fc94adf9e9d78 7be5b751de9a385d10d26c9a16b48d646069fc22 12b82c55246fd9b57e5ed7391ee90c376a321955a0238055a50d989248794162 Loading...

	v3.traincdn.com/_nuxt/desktop/default/betting.media-91c67102.js	17 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/betting.media-91c67102.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:10 Last Seen2024-04-26 10:36:34 Times Seen10 Hash 9edd02014a4812685d800389066bc94b c89f400bb9b8ab7af4e7461a2d2ec002aea83bb8 23e9fe0dac6ac461e53781b9d407e7e3595eeea010fb4d6236eaa6b7699928ee Loading...

	unknown	47 B	2023-04-14	2024-05-05
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26:15 Last Seen2024-05-05 05:13:52 Times Seen840 Hash a01893d8e129ad16c1e0fc5c7537f411 0e46d1bf2718f848d9d596fa269eaedb31204772 cbe7b89533bcd75b69f3e54807308551d68242ec1761e63bee1a99fc6e560175 Loading...

	widget.suphelper.top/_next/static/724286ac/_middlewareManifest.js	92 B	2023-03-07	2024-05-06
Pretty URL widget.suphelper.top/_next/static/724286ac/_middlewareManifest.js IP 104.18.39.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:01 Last Seen2024-05-06 12:05:34 Times Seen7781 Hash 7c3f7e060745668041278118c0bb3d6d e639f56695b3cc30d78dce7a0084aa8299a1311a de5341313a4dc5d982ca50ae4a491e84bc5e80b0f439d87f05fc3973c1b7e59a Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Cyber.Game/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboar/ff3e75d4-3bf76071.js	32 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Cyber.Game/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboar/ff3e75d4-3bf76071.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:06 Last Seen2024-04-26 10:36:34 Times Seen7 Hash 73045dab5a0f1892f4ecaa63deac81c4 53f582f313d660bcb8bc204d4b9930878f667271 3da8040fa2cbba713382129ac29b73bbd06c920cd0086fd10edad8b85c413e23 Loading...

	v3.traincdn.com/_nuxt/desktop/default/app-019fd1f8.js	852 kB	2024-04-25	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/app-019fd1f8.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 18:56:14 Last Seen2024-04-26 10:36:33 Times Seen8 Hash d43b77608bc8d96538ae9c273040c05f 976870970f803da08317c877884507f74612dcb0 6d2939523f88a6d4cce3fb00a10e7b0bd1a2733ba36d72ce608bdb19a287f109 Loading...

	widget.suphelper.top/_next/static/chunks/0c294a17-329dda05de2a378d.js	10 kB	2024-01-20	2024-05-05
Pretty URL widget.suphelper.top/_next/static/chunks/0c294a17-329dda05de2a378d.js IP 104.18.39.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-20 01:21:35 Last Seen2024-05-05 05:14:03 Times Seen440 Hash 54b2d4e92e16d2ea51898124107af46a ab4225b696e63c9040de1511fa229cf65b4d3750 e17ccea95df87c35add9994b01ef7bb6e8b5c2ebea282c461199a140a5675662 Loading...

	widget.suphelper.top/_next/static/chunks/663-81a4add2f1c95639.js	373 kB	2024-04-24	2024-05-05
Pretty URL widget.suphelper.top/_next/static/chunks/663-81a4add2f1c95639.js IP 104.18.39.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:05 Last Seen2024-05-05 05:14:03 Times Seen81 Hash 36e4e2c2a2498b008514f1f0250c8018 cfa53d1c8533fb5941d9ff4f1e45e8c831658693 42cd70d177e33b23f4982b671f4bb7f03a966053874a320af3f3ea7b7b7ca1f0 Loading...

	radar.cedexis.com/1/23802/radar.js	390 B	2024-02-13	2024-05-04
Pretty URL radar.cedexis.com/1/23802/radar.js IP 45.54.49.5 ASN #63911 NetActuate, Inc Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-13 14:23:26 Last Seen2024-05-04 07:42:13 Times Seen129 Hash 82dec77fd0353c7c71ce053b8601387e fbbca95419e1d0c042e0a5fdf10f380aca66188c 39f2b7b0fa78d37d0c84d2d6618bd635d86fd683d9bcdd5729850cb2a62522f7 Loading...

	v3.traincdn.com/_nuxt/desktop/default/commons/app-52fe5dc2.js	138 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/commons/app-52fe5dc2.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:07 Last Seen2024-04-26 10:36:34 Times Seen10 Hash 67738af5bf23b478a572a381a2acc716 dd7280b456a511724f02c36bc432472d28897aef 38d639b8059f8649a3afd6bae7727428d389d106ba7f5f58abe27ef6d5a59183 Loading...

	widget.suphelper.top/_next/static/chunks/webpack-fb94d2f19425a3e3.js	3.8 kB	2023-10-05	2024-05-05
Pretty URL widget.suphelper.top/_next/static/chunks/webpack-fb94d2f19425a3e3.js IP 104.18.39.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-05 09:17:37 Last Seen2024-05-05 05:13:49 Times Seen1970 Hash ba1681cca05ff7b4f8698587da76ab26 7113520b461dfcbdcbc1725a1acc6e05547bf20e bcfc83f65454f29634e61503e84d77f3fe8bc06451b90927bf842e9ad352ac64 Loading...

	unknown	47 B	2023-04-14	2024-05-05
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26:15 Last Seen2024-05-05 05:13:49 Times Seen838 Hash 580b3e56fc9ab6e8b4655f43ee057cc1 5dfce565e446f4a167195de9a1a5dd26163c711c 446f07b6e56de61d2c2d5b6ba408cc580b492a6d1ede8fc51cfde4ef75a2b382 Loading...

	widget.suphelper.top/_next/static/chunks/framework-49f1e091cbf6b261.js	141 kB	2023-03-08	2024-05-05
Pretty URL widget.suphelper.top/_next/static/chunks/framework-49f1e091cbf6b261.js IP 104.18.39.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 08:26:33 Last Seen2024-05-05 05:14:03 Times Seen2362 Hash 896d1930437c1ab92b8a359c1d6fdaae 71e0e23d1af9722f356eb5d1c497d100ec8b0f7a 8c508636d885890bfb5c56bcd6dad1b8b64c498781d351b588a8de7f686774d4 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Registration.Fields-3ce6506f.js	40 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Registration.Fields-3ce6506f.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:09 Last Seen2024-04-26 10:36:38 Times Seen8 Hash 681145f0441284174ef426e56941290b 6e6844a39c0a7b28cd162391753ac6429a576728 a9b554dc85ad806c70c5a650600b4c39ea900812543992e8aa761b779600c3bb Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.v-tooltip-de9cbf4c.js	77 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.v-tooltip-de9cbf4c.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:05 Last Seen2024-04-26 10:36:34 Times Seen10 Hash e0798c11c128dde9a2f8cb7010b4f2ac b501199439c816e3ce7b4db9343be18c7176393f f4d06de3e82b9e4717168f7368574bd7878368633d05b5b2136645e9f0f41fcb Loading...

	v3.traincdn.com/_nuxt/desktop/default/analytics-c706fc54.js	6.4 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/analytics-c706fc54.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:08 Last Seen2024-04-26 10:36:36 Times Seen10 Hash 14c0a5b475850d7da7e8459bf9df5766 f4cbfa40f0f3e3781d23a8a2e3715bf8252a2402 a6a30f6358ba3aea4d315b8838587ef81df7d171d0f84e2aa6d6faaadad614fd Loading...

	widget.suphelper.top/	196 B	2023-07-20	2024-05-05
Pretty URL widget.suphelper.top/ IP 104.18.39.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-07-20 14:42:12 Last Seen2024-05-05 05:13:54 Times Seen2019 Hash aa729c2ec64b60ce3b2052cc8edaa329 0f673deff4bffdd337a6220feb0b7b5b5ff666c4 9693391d461678be59d683100b1442f4ee65d2cf5bda3904fbf6232a7eb921ca Loading...

	unknown	39 B	2023-04-14	2024-05-05
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26:15 Last Seen2024-05-05 05:13:49 Times Seen843 Hash bc51ed8c76553717f10d58b2df60fd76 e2d03a8fd8d280074b226c288880f9df299c7cb1 bee994eaf88453f6343ba57571a069054c12c9b4e42f8cbad4f2ad75c7fb264c Loading...

	v3.traincdn.com/_nuxt/desktop/default/Betting.Core-3d5acad8.js	2.3 kB	2024-04-25	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Betting.Core-3d5acad8.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 18:56:14 Last Seen2024-04-26 10:36:34 Times Seen8 Hash 20dfbfd0b527a3400141072543ab8d14 8b18103124ebcc40d3817e5b0897403dd79a777d 60ad198390a8936e848b2beeb25fb8f57fdb8a9a44cae0a2b22b731e38242d95 Loading...

	v3.traincdn.com/_nuxt/desktop/default/consultant.supHelperV2-56fa9b09.js	3.2 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/consultant.supHelperV2-56fa9b09.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:09 Last Seen2024-04-26 10:36:34 Times Seen9 Hash 31dddc1647801a3327fdbc35796cc728 be143b7b082c2e26d4f5888795cdfbae3ee7fe30 5e182646aa4ce68aad3d97501ada00313a7dd51a5883b713c27803bb51e0a7ca Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/modal.RegistrationSuccessModalApp/registration.Main/user.userRegistration-cdc74c8e.js	58 kB	2024-04-26	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/modal.RegistrationSuccessModalApp/registration.Main/user.userRegistration-cdc74c8e.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 09:07:10 Last Seen2024-04-26 09:07:12 Times Seen2 Hash 6c294dbfcd2e7142ce2c703bf31c5773 4cf0b58c33290bc07d71f5e37508215aeede7e91 14385af91f2984424e3afecd6a2c4ec511b6d37fa20578b6dcbe6ffc17da6d9d Loading...

	v3.traincdn.com/_nuxt/desktop/default/registration.Main-db85b51e.js	83 kB	2024-04-26	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/registration.Main-db85b51e.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 09:07:11 Last Seen2024-04-26 09:07:12 Times Seen2 Hash d24110054ae7e5bd6c5ce1352700b60f 4335e02584cb033b5e231df827d6bbbeda977417 46cfda13cee95c7650f3548cd8b8c006057ac0f1b4733234ccd45027d111ddde Loading...

	widget.suphelper.top/_next/static/chunks/1743016e-d00d67a74426f155.js	481 kB	2024-01-20	2024-05-05
Pretty URL widget.suphelper.top/_next/static/chunks/1743016e-d00d67a74426f155.js IP 104.18.39.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-20 01:21:34 Last Seen2024-05-05 05:13:54 Times Seen438 Hash 46260bb46d51262abee818c0c3bcf1c6 fe3be222aec74704fad1fa2559788b1fa287094a 20700e65659e04d422580d9c792ba811b7b76de4ec1b3163c284af83bd5a7d6c Loading...

	widget.suphelper.top/_next/static/chunks/7413e8b9-8adee4b5b5407a55.js	78 kB	2024-01-20	2024-05-05
Pretty URL widget.suphelper.top/_next/static/chunks/7413e8b9-8adee4b5b5407a55.js IP 104.18.39.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-20 01:21:34 Last Seen2024-05-05 05:13:46 Times Seen444 Hash dc6852529f28802d37affa5953d07260 4edd220fe8df4b009a1775ebe57f19d40999659f 4aefb18221e4fb46818b0f52302b7c7717e45701e26990726cce645d8c80ed84 Loading...

	1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push	924 B	2024-02-25	2024-05-04
Pretty URL 1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push IP 178.253.29.47 ASN #202492 Silverhill Group Holding Ltd Introduced by scriptElement Embedded in HTML true Observations First Seen2024-02-25 06:56:59 Last Seen2024-05-04 07:42:12 Times Seen56 Hash 92bf20f2f922cc746bec8fe320b23ed3 768e5dbe711e1b62cad807b11ded99ef85001483 b81f4c4f575092cb52a07f89a96291f8e258b3f6bf61e51df0fec3bcc3132fea Loading...

	1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push	614 kB	2024-04-26	2024-04-26
Pretty URL 1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push IP 178.253.29.47 ASN #202492 Silverhill Group Holding Ltd Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-26 09:07:11 Last Seen2024-04-26 09:07:11 Times Seen1 Hash 25573683b67ab61eb48f56b1df09f86c 9b3ec54dafc16ea1a42976f4a0ab23fbc3b5e3a9 e6a9faeb8af8fe515e68265d652a008f1dd73575602ec30022d9d2964359731d Loading...

	1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push	9.7 kB	2024-04-26	2024-04-27
Pretty URL 1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push IP 178.253.29.47 ASN #202492 Silverhill Group Holding Ltd Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-26 09:07:11 Last Seen2024-04-27 19:16:47 Times Seen10 Hash eeb1794e8f91da6899ef4ec1100d3b52 70ff61ed25f0e5cefa2c3420713b90805eb8a57d 16015eec572f5097fffdd44ef6278815121833b1fb806df47b28b6bb1a5aab6c Loading...

	v3.traincdn.com/_nuxt/desktop/default/Layout.SeoModule.Lazy-133d5539.js	8.0 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Layout.SeoModule.Lazy-133d5539.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:07 Last Seen2024-04-26 10:36:34 Times Seen10 Hash ceb24e94d87d9c04b6685d611e9050c1 781d9f7fb4ff0e09fa74cdcdc5b1e707a57b4539 bfc675160863b2fdb50b84830a53646a8c762836217ffc99ea6a8b5dc16cd734 Loading...

	v3.traincdn.com/_nuxt/desktop/default/runtime-429a9b40.js	47 kB	2024-04-25	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/runtime-429a9b40.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 18:56:14 Last Seen2024-04-26 10:36:34 Times Seen8 Hash 98255763f3f394149bb9d0b5f43f0cf7 9f9956c07034407cf605d11bc57b37c8a928c01f 664cac2629ba11af02afaabf5b06ef2bfab319d36efdb7c6b81ade6edcffd217 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/RegistrationWidgetApp/components/userControl.auth_form_extended/registration.Main/da7322db-4c41d619.js	26 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/RegistrationWidgetApp/components/userControl.auth_form_extended/registration.Main/da7322db-4c41d619.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:04 Last Seen2024-04-26 10:36:34 Times Seen8 Hash 83575afda287eafafb4102f4463ea9a7 241502bfcd1fdaf75068e1f6497e65642ec7981d 6c7258871472c35e8d3f7f4c71550a079165d95f913297204b6746faf5f31f33 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/betting.media-969fa6be.js	56 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/betting.media-969fa6be.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:08 Last Seen2024-04-26 10:36:34 Times Seen10 Hash ed1aa306ac0483a61e03d12f0cf0c683 3688fabf92067a4cc58d87aec282cddc6a7e33f0 fdc6326914576f6b064f1b56dc5e153e8f601d12932d28cda623ea1c6670ffff Loading...

	widget.suphelper.top/_next/static/chunks/pages/index-ed7cd77912c6e3a9.js	107 kB	2024-04-25	2024-05-05
Pretty URL widget.suphelper.top/_next/static/chunks/pages/index-ed7cd77912c6e3a9.js IP 104.18.39.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 18:56:15 Last Seen2024-05-05 05:13:47 Times Seen75 Hash d0a7ecc59065580118a9ea8880c58962 21573546ac5011592094ef6aea0696ccdeb2164d e1b09efa81ca44cda394e366b64fbf2b3f0725eab9ad24782839cbb8f66842b5 Loading...

	widget.suphelper.top/_next/static/724286ac/_ssgManifest.js	77 B	2023-03-07	2024-05-06
Pretty URL widget.suphelper.top/_next/static/724286ac/_ssgManifest.js IP 104.18.39.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:02 Last Seen2024-05-06 18:47:26 Times Seen85861 Hash b6652df95db52feb4daf4eca35380933 65451d110137761b318c82d9071c042db80c4036 6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e Loading...

	widget.suphelper.top/_next/static/chunks/81.9c6562bba5669b47.js	37 kB	2023-10-13	2024-05-05
Pretty URL widget.suphelper.top/_next/static/chunks/81.9c6562bba5669b47.js IP 104.18.39.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-13 06:04:09 Last Seen2024-05-05 05:13:49 Times Seen3067 Hash 6782c8abf3d14391f6ed5c805a973cf5 a08b255c0084e14d74199f5af64522ffaba14486 88331f3bf38157ecb0e64f22c08a582384dc74c8bae09d9f78b9eab5fe82cfa3 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-notification-be432464.js	12 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-notification-be432464.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:09 Last Seen2024-04-26 10:36:34 Times Seen10 Hash 1f560cda98016a758f23b98bb6451629 601e2074c0bac9c95a4cde3a1b0c8b2c46fc4157 e56d555d970e127bfcc5baf5da80649f7db6e3b9b09795af851020ca565644cd Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.Main.Asian/registration.Main/user.userRegistration-61022f43.js	32 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.Main.Asian/registration.Main/user.userRegistration-61022f43.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:06 Last Seen2024-04-26 10:36:34 Times Seen8 Hash e56eb405b1675cee62515df2dd269796 9c9c94e310d2895822831bd3face015b1cbf6b06 d2dbde0611294046d74c6cfb5ef4fb9b3559df984253e2e490fe238b59303a54 Loading...

	unknown	44 B	2023-04-14	2024-05-05
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26:15 Last Seen2024-05-05 05:13:51 Times Seen840 Hash 00beb9884d0391b342eadd30744b539a 3124c0bd593822379d22f13d3e08e70a1bf5ea14 92394eec5690449a4f6cfc9a7f97497a69e926b2365cb9a9aad3507a844f835c Loading...

	unknown	96 B	2023-12-06	2024-05-04
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-12-06 14:32:27 Last Seen2024-05-04 07:42:12 Times Seen881 Hash 94361ed86ab9b2fbb8d805c2025df46a 3f428332f7a1c7196a85c93a373a966d75708c19 eee4d228a49a86625f29410cf9a23d145e821a09cbb1f7a4d7557d206872715a Loading...

	v3.traincdn.com/_nuxt/desktop/default/date-fns-locale-21-1bddb75a.js	7.0 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/date-fns-locale-21-1bddb75a.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:10 Last Seen2024-04-26 10:36:34 Times Seen10 Hash 646a2b32c35fc60e6fe759e25b80b680 4bffb554df5ebcd3f96154047e39cc1efe9d4658 b8339391f1719293f8987d960120957904d99c0e4d634e48f6f16f3e2c25e812 Loading...

	widget.suphelper.top/_next/static/chunks/pages/_app-a10a22844227e6a6.js	1.0 MB	2024-04-25	2024-05-02
Pretty URL widget.suphelper.top/_next/static/chunks/pages/_app-a10a22844227e6a6.js IP 104.18.39.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 18:56:13 Last Seen2024-05-02 04:19:28 Times Seen40 Hash 0a8ec60f8885a9417bae7ec2a3981f82 ef0fa91cda49946611fe1cd09819cfdaf8a1c6f5 15d73072cdad0ee70bdc75731a1c2d81326b0b1391b668cd36c639a321105259 Loading...

		Size	First Seen	Last Seen
	#1 Eval - c53c5a39db1264f4e859e057ef5191d8	34 kB	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 09:07:11 Last Seen2024-04-26 09:07:11 Times Seen1 Hash c53c5a39db1264f4e859e057ef5191d8 e65dfd1903081bd9abc137dd84c48073c75216d2 061c3f7dca0437f6dc9e3d120195ac63b7bf5e174dfc790e125ad6566af387df Loading...

HTTP Transactions (121)

URL IP Response Size

e1.o.lencr.org/

23.36.76.226

345 B

URL
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
2296845f3292042236e4ceb6bb06e22a
234d857dfed9d5844fe389c1a179c846f6217b7b
a50576cdbafa906a02ceddae95f622c396745a282e646ab166a54382e41c6163

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A50576CDBAFA906A02CEDDAE95F622C396745A282E646AB166A54382E41C6163"
Last-Modified: Wed, 24 Apr 2024 08:23:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15531
Expires: Fri, 26 Apr 2024 11:25:24 GMT
Date: Fri, 26 Apr 2024 07:06:33 GMT
Connection: keep-alive

pezaurwebut.de/2636705f-9850-4fa0-930b-66e2cb6b3024

164.90.253.124

302 Found

0 B

URL User Request GET HTTP/1.1
pezaurwebut.de/2636705f-9850-4fa0-930b-66e2cb6b3024
IP
164.90.253.124:443
ASN
#14061 DIGITALOCEAN-ASN

Certificate
IssuerLet's Encrypt
Subjectpezaurwebut.de
FingerprintF0:FB:E0:B2:FB:57:72:34:E0:0F:69:C9:2A:4C:98:BD:6F:63:91:72
ValidityWed, 24 Apr 2024 07:22:34 GMT - Tue, 23 Jul 2024 07:22:33 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /2636705f-9850-4fa0-930b-66e2cb6b3024 HTTP/1.1
Host: pezaurwebut.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
server: nginx
date: Fri, 26 Apr 2024 07:06:33 GMT
content-type: text/html; charset=utf-8
content-length: 0
location: https://refpamjeql.top/L?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push&site=1249669&ad=2896&r=registration/
referrer-policy: no-referrer

1xlite-660473.top/polyfills.js

178.253.29.47

200 OK

0 B

URL GET HTTP/2
1xlite-660473.top/polyfills.js
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /polyfills.js HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push; postback_watcher=; platform_type=desktop; auid=sv0dL2YrUnolv+/GAxYvAg==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:34 GMT
content-type: text/javascript; charset=utf-8
content-length: 0
vary: user-agent
cache-control: public, max-age=2678400, s-maxage=2678400
etag: W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"
x-time-ng: 0.011
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.018
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/runtime-429a9b40.js

185.244.209.62

200 OK

15 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/runtime-429a9b40.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (47028), with no line terminators
Size
15 kB (14721 bytes)
Hash
98255763f3f394149bb9d0b5f43f0cf7
9f9956c07034407cf605d11bc57b37c8a928c01f
664cac2629ba11af02afaabf5b06ef2bfab319d36efdb7c6b81ade6edcffd217

HTTP Headers

GET /_nuxt/desktop/default/runtime-429a9b40.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:34 GMT
content-type: application/javascript; charset=utf-8
content-length: 14721
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-3981"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:56:44 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-0122ef6c2826e3f00550389e422cbb8b-d3742409e8692e79-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:56:44+00:00, 2024-04-25T12:58:31+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/6ee8a9e4.css

185.244.209.62

200 OK

591 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/6ee8a9e4.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (2490), with no line terminators
Size
591 B (591 bytes)
Hash
7375a1956830f97b2481314bf1f0e199
7c30df38c6465e78813dc2aea95eb086bb832630
2acc171311243f36d7410ebd2b41ac7d7c7899c861153198217e7e91d3d9e4cf

HTTP Headers

GET /_nuxt/desktop/default/css/6ee8a9e4.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:34 GMT
content-type: text/css
content-length: 591
last-modified: Wed, 24 Apr 2024 11:16:25 GMT
etag: "6628ea09-24f"
content-encoding: gzip
expires: Fri, 26 Apr 2024 09:38:57 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-6b0921ea0e75883cc9a081774049525c-df6da9898139a810-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T09:38:57+00:00, 2024-04-25T21:00:27+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Registration-00e8e065.js

185.244.209.62

200 OK

2.2 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Page.Registration-00e8e065.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (6350), with no line terminators
Size
2.2 kB (2235 bytes)
Hash
da5b79a3a4ab3ea57ddc576a3469f0f4
4e7eca402d4c7ac98fe78c2b873bf868c7a3d18f
7abd9783b6c2d8f41f91ee5b400118ac624f5f0da8f1b665fef64da4850ad96a

HTTP Headers

GET /_nuxt/desktop/default/Page.Registration-00e8e065.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:34 GMT
content-type: application/javascript; charset=utf-8
content-length: 2235
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-8bb"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:29:01 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-39dd8980a4c8fd68ad83e902b236abff-39313c18962c1391-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:29:01+00:00, 2024-04-25T14:57:39+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/6c310293.css

185.244.209.62

200 OK

3.2 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/6c310293.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (31339), with no line terminators
Size
3.2 kB (3225 bytes)
Hash
3cc47f5bfd7fb2ef96257df775a1b810
bbb36b671dd4a1f6e24cce1a48368724994b3913
18aeb0ed76dd6ce1471582770244ed6c55b69fef2e84ffabdabdbf7f32600326

HTTP Headers

GET /_nuxt/desktop/default/css/6c310293.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:34 GMT
content-type: text/css
content-length: 3225
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-c99"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:26:51 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-5e3d0ce46d4c1e25063a71bc37daa5fe-e3049c2927a9357a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:26:51+00:00, 2024-04-25T12:57:32+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Layout.SeoModule.Lazy-133d5539.js

185.244.209.62

200 OK

2.3 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Layout.SeoModule.Lazy-133d5539.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (8037), with no line terminators
Size
2.3 kB (2257 bytes)
Hash
ceb24e94d87d9c04b6685d611e9050c1
781d9f7fb4ff0e09fa74cdcdc5b1e707a57b4539
bfc675160863b2fdb50b84830a53646a8c762836217ffc99ea6a8b5dc16cd734

HTTP Headers

GET /_nuxt/desktop/default/Layout.SeoModule.Lazy-133d5539.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:34 GMT
content-type: application/javascript; charset=utf-8
content-length: 2257
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-8d1"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:33 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-2fab0de224076849bf74f65a752c4801-9adbd890c5627b7b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:33+00:00, 2024-04-25T14:32:54+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/version.json

185.244.209.62

200 OK

44 B

URL GET HTTP/2
v3.traincdn.com/version.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text
Size
44 B (44 bytes)
Hash
4dda53dbeb340a5129b07e1702aa8dad
614a638c883bf28d94af0918fc794d5d275cfc20
eeb319ca820c70f7b63d4ff6a64bb4852647c066b7cd0245601964722306e983

HTTP Headers

GET /version.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:34 GMT
content-type: application/json
content-length: 44
last-modified: Thu, 25 Apr 2024 10:41:36 GMT
etag: "662a3360-2c"
content-encoding: gzip
expires: Thu, 25 Apr 2024 11:27:56 GMT
cache-control: max-age=60, max-age=60, s-maxage=60
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-6b4f79161de2ab77dbb5390a6497e539-84b0569d3233d89b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T11:26:56+00:00, 2024-04-26T07:06:05+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/commons/app-52fe5dc2.js

185.244.209.62

200 OK

47 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/commons/app-52fe5dc2.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65476)
Size
47 kB (46792 bytes)
Hash
67738af5bf23b478a572a381a2acc716
dd7280b456a511724f02c36bc432472d28897aef
38d639b8059f8649a3afd6bae7727428d389d106ba7f5f58abe27ef6d5a59183

HTTP Headers

GET /_nuxt/desktop/default/commons/app-52fe5dc2.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:34 GMT
content-type: application/javascript; charset=utf-8
content-length: 46792
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-b6c8"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:31 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-fb2de89cbfab87b98a061c16c9f0a6b1-1e6a26c7eaf7d68c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:31+00:00, 2024-04-25T14:32:54+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/app-3a0481ca.js

185.244.209.62

200 OK

270 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/app-3a0481ca.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (61101)
Size
270 kB (270073 bytes)
Hash
47ed64bc46475959fb808f6ad315b17a
6458a90607fec951440547e5da3ece80345a79b3
6e6e1c838342b6cc15d98b2024a13f8f1e39dec2338a15bf9b04c1d73c9650c4

HTTP Headers

GET /_nuxt/desktop/default/vendors/app-3a0481ca.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:34 GMT
content-type: application/javascript; charset=utf-8
content-length: 270073
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-41ef9"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:31 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-706f4ab1cb0b095da69ca88999996efb-778be628f25c66c6-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:31+00:00, 2024-04-25T14:32:54+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/b31cf88f.css

185.244.209.62

200 OK

2.2 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/b31cf88f.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (9498), with no line terminators
Size
2.2 kB (2186 bytes)
Hash
96a29f0004392655cc9593713581f6bc
9e217c48ea7052b0df22bd29aa1b62afd807ef2d
f38f8cbcdd652cad7465c60c1eff068b6d104e97f4603f1499cb790f81b17cff

HTTP Headers

GET /_nuxt/desktop/default/css/b31cf88f.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:34 GMT
content-type: text/css
content-length: 2186
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-88a"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:33:29 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-73aa1b32608fe03e170a242a2304ec19-5f97284b5a38e776-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:33:29+00:00, 2024-04-25T12:57:32+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/e74c776d.css

185.244.209.62

200 OK

14 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/e74c776d.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
14 kB (13767 bytes)
Hash
46c8f0c05f1b041270e8e142c7ce5d70
2b14a5ef8669fe0e73a40a816b894a50c829219f
eed5933b3a22f8155625627d59bf536ceda18acc679a4019833a890e75b07ba7

HTTP Headers

GET /_nuxt/desktop/default/css/e74c776d.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:34 GMT
content-type: text/css
content-length: 13767
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-35c7"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:54:14 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-53a7f1b54cbbe94cb9b7667319161b2a-624e014fe765f08e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:54:14+00:00, 2024-04-25T13:04:37+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/app-019fd1f8.js

185.244.209.62

200 OK

225 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/app-019fd1f8.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (64966), with no line terminators
Size
225 kB (224677 bytes)
Hash
d43b77608bc8d96538ae9c273040c05f
976870970f803da08317c877884507f74612dcb0
6d2939523f88a6d4cce3fb00a10e7b0bd1a2733ba36d72ce608bdb19a287f109

HTTP Headers

GET /_nuxt/desktop/default/app-019fd1f8.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:34 GMT
content-type: application/javascript; charset=utf-8
content-length: 224677
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-36da5"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:56:44 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-58e4c464485ab0cda8c894fc411ca6e8-1bc058ca63a3626e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:56:44+00:00, 2024-04-25T12:58:31+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2

185.244.209.62

200 OK

64 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63748, version 1.0
Size
64 kB (63748 bytes)
Hash
6887b6f24414dbc612dbf42ccdc76b70
8068d3abfbc6cbf35b55919da45b1f4d2d136238
fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:35 GMT
content-type: font/woff2
content-length: 63748
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "6887b6f24414dbc612dbf42ccdc76b70"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-8c6ef21c594725db2ef382cee24b6d82-6208a62b705f24c9-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:13:59+00:00, 2024-04-26T06:14:08+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2

185.244.209.62

200 OK

65 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 64732, version 1.0
Size
65 kB (64732 bytes)
Hash
3ac5d40d1b3966fc5eb09ecca74d9cbf
a69f32357765dd321519889aeacba5e9ca893bb0
3310766b8f58538d07abded74a2babe1acbe1a3ee820d5b8c8265da666f4fb0c

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:35 GMT
content-type: font/woff2
content-length: 64732
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "3ac5d40d1b3966fc5eb09ecca74d9cbf"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-271bc5534acbf3f6c4f0d1e00a0a0613-f753a3c55aedd140-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:56:30+00:00, 2024-04-26T06:35:58+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2

185.244.209.62

200 OK

64 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63920, version 1.0
Size
64 kB (63920 bytes)
Hash
a65527fcb58f66a7cfbc0e6b160538b4
45d260e7fa343401b5bb0df982a014f53e2d253b
fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:35 GMT
content-type: font/woff2
content-length: 63920
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "a65527fcb58f66a7cfbc0e6b160538b4"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-f65c7faea7e5b99e6d3fc5210eaca74a-2bcd7f1b1cefa383-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:54:39+00:00, 2024-04-26T06:14:08+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/check-ob.js

185.244.209.62

200 OK

187 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/check-ob.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text
Size
187 B (187 bytes)
Hash
ced67278c38d1ce1297c121af69fff8a
df6e1531fd84d956263b04254e6f94f5356623f4
2958134c3c00f7c6320858dd66e454c2856e4842821d3523c4cc5e44e1ec8616

HTTP Headers

GET /_nuxt/check-ob.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:35 GMT
content-type: application/javascript; charset=utf-8
content-length: 187
last-modified: Wed, 24 Apr 2024 11:16:59 GMT
etag: "6628ea2b-bb"
content-encoding: gzip
expires: Thu, 25 Apr 2024 12:52:17 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-8deb3714581435b296721c1abd31de86-1e17ad198f9461dc-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-24T12:52:17+00:00, 2024-04-25T11:36:14+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/1da51baa342984a84ca1ac8dd900998b.png

185.244.209.62

200 OK

653 B

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/1da51baa342984a84ca1ac8dd900998b.png
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
PNG image data, 32 x 32, 8-bit colormap, non-interlaced
Size
653 B (653 bytes)
Hash
e6f0766cbd95db33da44e7a9140648f2
5f196b1bfe8c3f92bd2ebcd67124e72e81ae6aaf
c0399d478788d5d483f104a2e8cb7c32f41cb40e9df0c22e831b2bfa2db63ec0

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/1da51baa342984a84ca1ac8dd900998b.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:35 GMT
content-type: image/png
content-length: 653
last-modified: Tue, 25 Apr 2023 13:43:56 GMT
etag: "e6f0766cbd95db33da44e7a9140648f2"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-8ac93674dcd34a358cae71cf45d58b6f-f6ece73f0abf71e5-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:12:59+00:00, 2024-04-26T06:29:00+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.v-tooltip-de9cbf4c.js

185.244.209.62

200 OK

22 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.v-tooltip-de9cbf4c.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65476)
Size
22 kB (21881 bytes)
Hash
e0798c11c128dde9a2f8cb7010b4f2ac
b501199439c816e3ce7b4db9343be18c7176393f
f4d06de3e82b9e4717168f7368574bd7878368633d05b5b2136645e9f0f41fcb

HTTP Headers

GET /_nuxt/desktop/default/vendors/plugins.v-tooltip-de9cbf4c.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:35 GMT
content-type: application/javascript; charset=utf-8
content-length: 21881
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-5579"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:36 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-db0a55efd8b9a4f08064f0c8bdb1648b-f3e74be9c607435d-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:36+00:00, 2024-04-25T14:32:56+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-notification-be432464.js

185.244.209.62

200 OK

4.6 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-notification-be432464.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (12527), with no line terminators
Size
4.6 kB (4556 bytes)
Hash
1f560cda98016a758f23b98bb6451629
601e2074c0bac9c95a4cde3a1b0c8b2c46fc4157
e56d555d970e127bfcc5baf5da80649f7db6e3b9b09795af851020ca565644cd

HTTP Headers

GET /_nuxt/desktop/default/vendors/plugins.vue-notification-be432464.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:35 GMT
content-type: application/javascript; charset=utf-8
content-length: 4556
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-11cc"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:54:19 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-7f89742723a5e58a6b2c1b22f3f9dff5-66c096beb2230d74-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:54:19+00:00, 2024-04-25T13:05:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/e5c0e314.css

185.244.209.62

200 OK

953 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/e5c0e314.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (3352), with no line terminators
Size
953 B (953 bytes)
Hash
748da80084597d87b4ff5e98b017b07b
db6ad2ec24bfcbe751a23061d935403e1163f471
4eaf4071f43aaa0243a4c6948131b7a3e03fe6ab1f4228da38e8588c15e01f24

HTTP Headers

GET /_nuxt/desktop/default/css/e5c0e314.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:35 GMT
content-type: text/css
content-length: 953
last-modified: Wed, 24 Apr 2024 11:16:26 GMT
etag: "6628ea0a-3b9"
content-encoding: gzip
expires: Fri, 26 Apr 2024 11:04:50 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-b2c018952d012d0e4bd11ae281f464c5-5989421ac3d91342-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T11:04:50+00:00, 2024-04-25T14:51:46+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-js-modal-b4e5c536.js

185.244.209.62

200 OK

8.1 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-js-modal-b4e5c536.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (26717), with no line terminators
Size
8.1 kB (8056 bytes)
Hash
d6c0749abfe6ac3fa12439f8c5280965
9f433c690b68983f71225293938bfbea88e432f1
fe95732bdaefa78507800cbdf5e127902eec74eef86bee6a9bf1eeafc915c26c

HTTP Headers

GET /_nuxt/desktop/default/vendors/plugins.vue-js-modal-b4e5c536.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:35 GMT
content-type: application/javascript; charset=utf-8
content-length: 8056
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-1f78"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:54:19 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-9e7c83077c31a157d0f3e7a31f58bd4c-f10d91670716c24e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:54:19+00:00, 2024-04-25T13:05:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/date-fns-locale-21-1bddb75a.js

185.244.209.62

200 OK

2.1 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/date-fns-locale-21-1bddb75a.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (6960), with no line terminators
Size
2.1 kB (2118 bytes)
Hash
646a2b32c35fc60e6fe759e25b80b680
4bffb554df5ebcd3f96154047e39cc1efe9d4658
b8339391f1719293f8987d960120957904d99c0e4d634e48f6f16f3e2c25e812

HTTP Headers

GET /_nuxt/desktop/default/date-fns-locale-21-1bddb75a.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:35 GMT
content-type: application/javascript; charset=utf-8
content-length: 2118
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-846"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:37 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-fa12f4146c884e4cad00c2396ce91e37-8c32473fd733fb65-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:37+00:00, 2024-04-25T14:51:46+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/DC-5812449e.js

185.244.209.62

200 OK

1.0 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/DC-5812449e.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (2336), with no line terminators
Size
1.0 kB (1000 bytes)
Hash
5fd92d5e19084953d42f6435bf43dbc3
1605b683a815f82e1439bedd7f7acc9bef1d75c1
ad5547e0059467c7711c34a6627570759b87ea738c7659a3f169fe1871eb2dda

HTTP Headers

GET /_nuxt/desktop/default/DC-5812449e.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:35 GMT
content-type: application/javascript; charset=utf-8
content-length: 1000
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-3e8"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:54:22 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-eabfa99436809518a7a599711da6fa0d-ecb0ddd3af666e95-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:54:22+00:00, 2024-04-25T13:05:48+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/version.json?timestamp=1714115195954

178.253.29.47

200 OK

44 B

URL GET HTTP/2
1xlite-660473.top/version.json?timestamp=1714115195954
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
ASCII text
Size
44 B (44 bytes)
Hash
4dda53dbeb340a5129b07e1702aa8dad
614a638c883bf28d94af0918fc794d5d275cfc20
eeb319ca820c70f7b63d4ff6a64bb4852647c066b7cd0245601964722306e983

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /version.json?timestamp=1714115195954 HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push; postback_watcher=; platform_type=desktop; auid=sv0dL2YrUnolv+/GAxYvAg==; window_width=1920
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:35 GMT
content-type: application/json
content-length: 44
last-modified: Thu, 25 Apr 2024 10:41:36 GMT
vary: Accept-Encoding
etag: "662a3360-2c"
content-encoding: gzip
expires: Fri, 26 Apr 2024 07:07:35 GMT
access-control-allow-origin: *
cache-control: max-age=60, max-age=60, s-maxage=60
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2

1xlite-660473.top/seo-module-api/api/public/v1/analytics-counters?url=https:%2F%2F1xlite-660473.top&projectId=285

178.253.29.47

200 OK

141 B

URL GET HTTP/2
1xlite-660473.top/seo-module-api/api/public/v1/analytics-counters?url=https:%2F%2F1xlite-660473.top&projectId=285
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
141 B (141 bytes)
Hash
bd9be2fa89d26e9e6f1b2e08ffcd0ed6
90eae25ee792254c7ca97e98c5782078f9bdc37f
c11510c5556799ec6bf918684e80903d08cf6237d3c4f94d32a8ebf35d067a1d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /seo-module-api/api/public/v1/analytics-counters?url=https:%2F%2F1xlite-660473.top&projectId=285 HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push; postback_watcher=; platform_type=desktop; auid=sv0dL2YrUnolv+/GAxYvAg==; window_width=1920
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:35 GMT
content-type: application/json
content-length: 141
cache-control: max-age=1200, must-revalidate, public, s-maxage=1800, stale-if-error=86400, stale-while-revalidate=300
x-content-digest: enebf83560af95b198ca2d2caf127b1151
age: 1672
x-request-id: 9794fd02ef766c2577626efbb326d336
x-request-guid: 9794fd02ef766c2577626efbb326d336
x-time-ng: 0.002
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: p;dur=1.5561580657959, wf-uht;dur=0.011
X-Firefox-Spdy: h2

1xlite-660473.top/checker/redirect/stat/run/

178.253.29.47

200 OK

14 B

URL GET HTTP/2
1xlite-660473.top/checker/redirect/stat/run/
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
14 B (14 bytes)
Hash
2de0d0acfd684235f066bd0ec0c9e3df
68d0cb64805a42d7e40f43e8e198986b43dd6b69
9682f312f23e078bb135f23ea5a178b178e75c02d33672f20044d18c6d258928

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /checker/redirect/stat/run/ HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push; postback_watcher=; platform_type=desktop; auid=sv0dL2YrUnolv+/GAxYvAg==; window_width=1920; che_g=a3f54059-17a6-5c44-ac45-8fe5053b6c2f
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:35 GMT
content-type: application/json
content-length: 14
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.011
X-Firefox-Spdy: h2

1xlite-660473.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json

178.253.29.47

200 OK

23 B

URL POST HTTP/2
1xlite-660473.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
23 B (23 bytes)
Hash
0fd3aa4bbc8250249e4f0095f5e18c6d
aaea5383a97f2a45c2a136d96b588677a4ca36aa
d2de12e486838b737a44dccb3d12aefaf0218002c3826118d366a385eecb622f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Content-Type: application/json
X-Lang: en
X-Uuid: c999fce1-1343-468a-9f8c-1974a73711eb
Content-Length: 80
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push; postback_watcher=; platform_type=desktop; auid=sv0dL2YrUnolv+/GAxYvAg==; window_width=1920
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:35 GMT
content-type: application/json
content-length: 23
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.023
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Betting.Core-3d5acad8.js

185.244.209.62

200 OK

1.5 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Betting.Core-3d5acad8.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (2341), with no line terminators
Size
1.5 kB (1504 bytes)
Hash
20dfbfd0b527a3400141072543ab8d14
8b18103124ebcc40d3817e5b0897403dd79a777d
60ad198390a8936e848b2beeb25fb8f57fdb8a9a44cae0a2b22b731e38242d95

HTTP Headers

GET /_nuxt/desktop/default/Betting.Core-3d5acad8.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:36 GMT
content-type: application/javascript; charset=utf-8
content-length: 1504
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-5e0"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:56:51 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-04ad7b24ebf01c8ce38865c0cee03811-437c6b551918df10-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:56:51+00:00, 2024-04-25T12:58:32+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/consultant.supHelperV2-56fa9b09.js

185.244.209.62

200 OK

1.5 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/consultant.supHelperV2-56fa9b09.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (3229), with no line terminators
Size
1.5 kB (1451 bytes)
Hash
31dddc1647801a3327fdbc35796cc728
be143b7b082c2e26d4f5888795cdfbae3ee7fe30
5e182646aa4ce68aad3d97501ada00313a7dd51a5883b713c27803bb51e0a7ca

HTTP Headers

GET /_nuxt/desktop/default/consultant.supHelperV2-56fa9b09.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:36 GMT
content-type: application/javascript; charset=utf-8
content-length: 1451
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-5ab"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:37 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-4d19f7989ac0ec7311f1354d56442189-7fc73522f839ea18-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:37+00:00, 2024-04-25T14:32:56+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/Page.SiteUpdates/components/userControl.auth_form_extended/modal.RegistrationSucc/62f29d8c-d6b6dd06.js

185.244.209.62

200 OK

6.1 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/Page.SiteUpdates/components/userControl.auth_form_extended/modal.RegistrationSucc/62f29d8c-d6b6dd06.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (18819), with no line terminators
Size
6.1 kB (6143 bytes)
Hash
176b10b8e19b1550af7fc94adf9e9d78
7be5b751de9a385d10d26c9a16b48d646069fc22
12b82c55246fd9b57e5ed7391ee90c376a321955a0238055a50d989248794162

HTTP Headers

GET /_nuxt/desktop/default/vendors/Auth.Forms/Page.SiteUpdates/components/userControl.auth_form_extended/modal.RegistrationSucc/62f29d8c-d6b6dd06.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:36 GMT
content-type: application/javascript; charset=utf-8
content-length: 6143
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-17ff"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:29:06 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-25d17c30b43ca6fdb25061ceead6647e-d3e176f207d62282-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:29:06+00:00, 2024-04-25T14:37:42+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/88cfac66.css

185.244.209.62

200 OK

97 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/88cfac66.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
97 B (97 bytes)
Hash
9deb70dd3fbdc7061ed21c5632fbc55b
22ae1cadf75b3fdd5e3e3762842b1b7a6f6e7ed8
be8196057ac43ab3882caf30239c364e1ef4ceda087e92ca87187ce239f022f9

HTTP Headers

GET /_nuxt/desktop/default/css/88cfac66.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:36 GMT
content-type: text/css
content-length: 97
last-modified: Wed, 24 Apr 2024 11:16:25 GMT
etag: "6628ea09-61"
content-encoding: gzip
expires: Thu, 25 Apr 2024 14:35:41 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-75cda22a7ee15fc10fd8b8b8e20fab76-0f27b0be1e9043e6-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-24T14:35:41+00:00, 2024-04-25T11:57:25+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/RegistrationWidgetApp/components/userControl.auth_form_extended/registration.Main/da7322db-4c41d619.js

185.244.209.62

200 OK

8.5 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/RegistrationWidgetApp/components/userControl.auth_form_extended/registration.Main/da7322db-4c41d619.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (25972)
Size
8.5 kB (8517 bytes)
Hash
83575afda287eafafb4102f4463ea9a7
241502bfcd1fdaf75068e1f6497e65642ec7981d
6c7258871472c35e8d3f7f4c71550a079165d95f913297204b6746faf5f31f33

HTTP Headers

GET /_nuxt/desktop/default/vendors/Auth.Forms/RegistrationWidgetApp/components/userControl.auth_form_extended/registration.Main/da7322db-4c41d619.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:36 GMT
content-type: application/javascript; charset=utf-8
content-length: 8517
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-2145"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:38 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-4d5dd78e3a61ea544f6553a0808dd822-c6c6c44df5e5589a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:38+00:00, 2024-04-25T14:32:56+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.Main.Asian/registration.Main/user.userRegistration-61022f43.js

185.244.209.62

200 OK

9.2 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.Main.Asian/registration.Main/user.userRegistration-61022f43.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (31451), with no line terminators
Size
9.2 kB (9167 bytes)
Hash
e56eb405b1675cee62515df2dd269796
9c9c94e310d2895822831bd3face015b1cbf6b06
d2dbde0611294046d74c6cfb5ef4fb9b3559df984253e2e490fe238b59303a54

HTTP Headers

GET /_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.Main.Asian/registration.Main/user.userRegistration-61022f43.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:36 GMT
content-type: application/javascript; charset=utf-8
content-length: 9167
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-23cf"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:25:09 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-6ebaa344874aa0fd2628e3f277c796a5-4be58909a2f7cb00-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:32+00:00, 2024-04-25T14:32:54+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/e28e3baf.css

185.244.209.62

200 OK

2.7 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/e28e3baf.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (16554), with no line terminators
Size
2.7 kB (2671 bytes)
Hash
44c773529c517236419a401de4a1baf6
a9b6126fc10bd8619bf2ffa452846a298df4862c
62e7cc29a6b2b0e74ae67259a4e64d5f9c3f5fa673b30a8bec3d3016acc1bb7e

HTTP Headers

GET /_nuxt/desktop/default/css/e28e3baf.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:36 GMT
content-type: text/css
content-length: 2671
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-a6f"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:54:31 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-2e52139d7fcba7e6c83e9f68574477d9-af37834253286f16-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:54:31+00:00, 2024-04-25T13:22:02+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/modal.RegistrationSuccessModalApp/registration.Main/user.userRegistration-cdc74c8e.js

185.244.209.62

200 OK

14 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/modal.RegistrationSuccessModalApp/registration.Main/user.userRegistration-cdc74c8e.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (58006), with no line terminators
Size
14 kB (14216 bytes)
Hash
6c294dbfcd2e7142ce2c703bf31c5773
4cf0b58c33290bc07d71f5e37508215aeede7e91
14385af91f2984424e3afecd6a2c4ec511b6d37fa20578b6dcbe6ffc17da6d9d

HTTP Headers

GET /_nuxt/desktop/default/vendors/modal.RegistrationSuccessModalApp/registration.Main/user.userRegistration-cdc74c8e.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:36 GMT
content-type: application/javascript; charset=utf-8
content-length: 14216
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-3788"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:29:06 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-6063cec2a34a77845c1e02315ab5351f-04d1b7c6223f8e91-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:29:06+00:00, 2024-04-25T14:57:41+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/ba9f0938.css

185.244.209.62

200 OK

2.2 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/ba9f0938.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (10513), with no line terminators
Size
2.2 kB (2193 bytes)
Hash
dce4e107521e0922482950041e5c4a59
ed922105b1b29002c2d10585126fb666f1539e8f
9d132d7501180e5c3e81df772f198c243876dd456a00ce24d4526d09811150ac

HTTP Headers

GET /_nuxt/desktop/default/css/ba9f0938.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:36 GMT
content-type: text/css
content-length: 2193
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-891"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:54:31 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-e7ac15c92cf06e75b06b41c6de31d7f5-48fe975a01bf36ba-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:54:31+00:00, 2024-04-25T13:22:02+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/registration.Main-db85b51e.js

185.244.209.62

200 OK

23 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/registration.Main-db85b51e.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
23 kB (22595 bytes)
Hash
d24110054ae7e5bd6c5ce1352700b60f
4335e02584cb033b5e231df827d6bbbeda977417
46cfda13cee95c7650f3548cd8b8c006057ac0f1b4733234ccd45027d111ddde

HTTP Headers

GET /_nuxt/desktop/default/registration.Main-db85b51e.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:36 GMT
content-type: application/javascript; charset=utf-8
content-length: 22595
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-5843"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:29:06 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-905a1ac6470a12bff78c420a72d96f22-a02dfbad8615b188-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:29:06+00:00, 2024-04-25T14:57:41+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/526e44d9.css

185.244.209.62

200 OK

459 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/526e44d9.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (1526), with no line terminators
Size
459 B (459 bytes)
Hash
97fdf5b6e7dfddf6ab251e984133b2c3
bb552fe685c52c34e0ed91e4dfaa9df2675ad086
92fcdb73c544b1f2befe78685340fd3371e920187a2232f8e4bffd73985d40e3

HTTP Headers

GET /_nuxt/desktop/default/css/526e44d9.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:36 GMT
content-type: text/css
content-length: 459
last-modified: Wed, 24 Apr 2024 11:16:26 GMT
etag: "6628ea0a-1cb"
content-encoding: gzip
expires: Fri, 26 Apr 2024 11:05:14 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-55219dde61cc0e36e3f7a248587ed408-83038b3fcd5ecb8b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T11:05:14+00:00, 2024-04-25T14:54:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/betting.media-969fa6be.js

185.244.209.62

200 OK

17 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/betting.media-969fa6be.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (41022), with NEL line terminators
Size
17 kB (16831 bytes)
Hash
ed1aa306ac0483a61e03d12f0cf0c683
3688fabf92067a4cc58d87aec282cddc6a7e33f0
fdc6326914576f6b064f1b56dc5e153e8f601d12932d28cda623ea1c6670ffff

HTTP Headers

GET /_nuxt/desktop/default/vendors/betting.media-969fa6be.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:36 GMT
content-type: application/javascript; charset=utf-8
content-length: 16831
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-41bf"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:54:31 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-7451d697c4a286c99fd486869dc5f2f5-740f5ae0a73a3981-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:54:31+00:00, 2024-04-25T13:05:52+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-ui/2.2.11/Desktop/Default/client.css

185.244.209.62

200 OK

180 kB

URL GET HTTP/2
v3.traincdn.com/sys-ui/2.2.11/Desktop/Default/client.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
180 kB (179534 bytes)
Hash
a2d3e85dfb5a9b4f2e0dfe263526d22a
aad2af465e92d0faf4bdee7462102932e898db88
47ab278e30a6915cec13a4691cd5ad0699fae401234e466d0a07a4e9838c4c41

HTTP Headers

GET /sys-ui/2.2.11/Desktop/Default/client.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:34 GMT
content-type: text/css; charset=utf-8
last-modified: Tue, 23 Apr 2024 11:41:52 GMT
etag: W/"5be31e73f9aaf3c05331c4f0cd80e4d9"
x-amz-meta-mtime: 1713872392.088051093
content-encoding: gzip
expires: Wed, 24 Apr 2024 14:28:29 GMT
cache-control: max-age=86400
x-time-ng: 0.008
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-22e68b930eac992c45a04e5a1b925be7-9f6b6f33ec76f60b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T14:28:29+00:00, 2024-04-25T14:32:54+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/betting.media-91c67102.js

185.244.209.62

200 OK

4.7 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/betting.media-91c67102.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (16761), with no line terminators
Size
4.7 kB (4731 bytes)
Hash
9edd02014a4812685d800389066bc94b
c89f400bb9b8ab7af4e7461a2d2ec002aea83bb8
23e9fe0dac6ac461e53781b9d407e7e3595eeea010fb4d6236eaa6b7699928ee

HTTP Headers

GET /_nuxt/desktop/default/betting.media-91c67102.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:36 GMT
content-type: application/javascript; charset=utf-8
content-length: 4731
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-127b"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:39 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-cfef7574f705dd57d0eb4e4dd77e10c0-3dca3d0d63f4d0f6-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:39+00:00, 2024-04-25T14:32:56+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/analytics-c706fc54.js

185.244.209.62

200 OK

2.4 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/analytics-c706fc54.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (6444), with no line terminators
Size
2.4 kB (2434 bytes)
Hash
14c0a5b475850d7da7e8459bf9df5766
f4cbfa40f0f3e3781d23a8a2e3715bf8252a2402
a6a30f6358ba3aea4d315b8838587ef81df7d171d0f84e2aa6d6faaadad614fd

HTTP Headers

GET /_nuxt/desktop/default/analytics-c706fc54.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:36 GMT
content-type: application/javascript; charset=utf-8
content-length: 2434
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-982"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:50 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-c19ea5b37b2d4085265cc77d8535d2ac-ff3b6d9e231c9caa-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:50+00:00, 2024-04-25T14:33:07+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/session-api/sessions/user

178.253.29.47

200 OK

16 B

URL GET HTTP/2
1xlite-660473.top/session-api/sessions/user
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
16 B (16 bytes)
Hash
646b2e82b65602d35f7aa6283c387e3a
b163a70c5df8e4b0861a23a04f8a6f78393747f4
b68bf12405ee2cb5b76764df21dbc2df0953ddff4072ddc5281d1aab05e8c4ab

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /session-api/sessions/user HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push; postback_watcher=; platform_type=desktop; auid=sv0dL2YrUnolv+/GAxYvAg==; window_width=1280; che_g=a3f54059-17a6-5c44-ac45-8fe5053b6c2f; SESSION=3e23668a1857fc71d6c8ad32e8a4eb4b
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:36 GMT
content-type: application/json
content-length: 16
cache-control: no-cache, private
x-time-ng: 0.003
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: p;dur=1.2428760528564, wf-uht;dur=0.010
X-Firefox-Spdy: h2

1xlite-660473.top/service-api/gamespreview/getbanner?whence=55&ref=1&gr=285&lng=en&fCountry=137

178.253.29.47

200 OK

155 B

URL GET HTTP/2
1xlite-660473.top/service-api/gamespreview/getbanner?whence=55&ref=1&gr=285&lng=en&fCountry=137
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
155 B (155 bytes)
Hash
d9c4e764d0719887a701a2fd57d2ed20
dd9132eb122454d6202e18dc89cf3f813bd28eea
bfb3eb33d14d3606f7ef2f2ebf7194a6eba1837022e2cce1a5adaebff4226d10

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/gamespreview/getbanner?whence=55&ref=1&gr=285&lng=en&fCountry=137 HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push; postback_watcher=; platform_type=desktop; auid=sv0dL2YrUnolv+/GAxYvAg==; window_width=1280; che_g=a3f54059-17a6-5c44-ac45-8fe5053b6c2f; SESSION=3e23668a1857fc71d6c8ad32e8a4eb4b
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:36 GMT
content-type: application/json; charset=utf-8
content-length: 155
x-time-ng: 0.005
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.012
X-Firefox-Spdy: h2

1xlite-660473.top/bff-api/event-logo/v2/suitable.json?lang=en

178.253.29.47

200 OK

2 B

URL GET HTTP/2
1xlite-660473.top/bff-api/event-logo/v2/suitable.json?lang=en
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
2 B (2 bytes)
Hash
d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bff-api/event-logo/v2/suitable.json?lang=en HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push; postback_watcher=; platform_type=desktop; auid=sv0dL2YrUnolv+/GAxYvAg==; window_width=1280; che_g=a3f54059-17a6-5c44-ac45-8fe5053b6c2f; SESSION=3e23668a1857fc71d6c8ad32e8a4eb4b
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:36 GMT
content-type: application/json
content-length: 2
cache-control: no-cache, private
server-timing: bff;dur=15.10, dt_total;dur=16.868, wf-uht;dur=0.025
traceparent: 00-58c29a240397f09de9fc6b4de01f9562-54d6934da0ad5e4a-01
x-dt: 285
x-time-ng: 0.016
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V

142.250.74.168

200 OK

63 kB

URL GET HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint1E:33:2E:4B:C3:51:05:B7:73:DC:21:BF:3E:02:B3:16:D8:0B:AB:BB
ValidityMon, 18 Mar 2024 19:37:14 GMT - Mon, 10 Jun 2024 19:37:13 GMT

File type
JavaScript source, ASCII text, with very long lines (1763)
Size
63 kB (62910 bytes)
Hash
6b5cf3c4b7056b425a867a368c7bc4ed
bb2542f27558709c9da6f69fc3daf620f423a022
9c89fd77c4c3949b3c2d5935a035f143819b7c2ba373b7230bc16abe989d948b

HTTP Headers

GET /gtm.js?id=GTM-KFGPRJ2V HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 26 Apr 2024 07:06:36 GMT
expires: Fri, 26 Apr 2024 07:06:36 GMT
cache-control: private, max-age=900
last-modified: Fri, 26 Apr 2024 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 62910
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66

142.250.74.168

200 OK

105 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint1E:33:2E:4B:C3:51:05:B7:73:DC:21:BF:3E:02:B3:16:D8:0B:AB:BB
ValidityMon, 18 Mar 2024 19:37:14 GMT - Mon, 10 Jun 2024 19:37:13 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (10899)
Size
105 kB (104918 bytes)
Hash
2aa0c02d68ac2efefc1ba6cb9d7dbe8f
c07aebe8704c08b603d8c64317ef9dc949eaf33f
a68703a6e32f90df7b34629e53d7790f07bb476699ff1207afec13084f304917

HTTP Headers

GET /gtag/js?id=G-7JGWL9SV66 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 26 Apr 2024 07:06:36 GMT
expires: Fri, 26 Apr 2024 07:06:36 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 104918
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

v3.traincdn.com/sys-icons/1.0.328/285/common.svg

185.244.209.62

200 OK

60 kB

URL GET HTTP/2
v3.traincdn.com/sys-icons/1.0.328/285/common.svg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
60 kB (60050 bytes)
Hash
6161716a47cc17407bd6ffb5a75c7296
ca49eafe96fe4643a70c6f17858ff00c917b1980
4b30337194b445fbaafdf9c1f3e6186c3ba143bc577a4437eacc5be0d1b17d31

HTTP Headers

GET /sys-icons/1.0.328/285/common.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:36 GMT
content-type: image/svg+xml
last-modified: Mon, 15 Apr 2024 07:13:32 GMT
etag: W/"7bf3e9e7d79beac942f5e7748a3af2e6"
x-amz-meta-mtime: 1713165210.217888091
content-encoding: gzip
expires: Tue, 23 Apr 2024 10:38:01 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-98d72239c6d1fd157efbe6749c422129-c0dae521aec43b45-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-22T10:38:01+00:00, 2024-04-25T11:15:14+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/

104.18.39.72

200 OK

89 kB

URL GET HTTP/2
widget.suphelper.top/
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
gzip compressed data, from Unix
Size
89 kB (89331 bytes)
Hash
a7047fe693e674c1792a82ba7e739868
a6cbff0c39333511ee534977acea803354a3180f
de0d87acf891c95b7d02c5c07aebbda2e7e5e723db7a5ea39fab04ff2ed1e40c

HTTP Headers

GET / HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 26 Apr 2024 07:06:36 GMT
content-type: text/html; charset=utf-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=60, stale-while-revalidate=30
vary: Accept-Encoding
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 87a4bb2c3cca569c-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

radar.cedexis.com/1707728419/stub.js

45.54.49.5

200 OK

271 B

URL GET HTTP/1.1
radar.cedexis.com/1707728419/stub.js
IP
45.54.49.5:443
ASN
#63911 NetActuate, Inc

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerDigiCert Inc
Subjectradar.cedexis.com
Fingerprint33:58:79:8E:87:A5:C3:05:CA:E2:82:50:61:CF:72:83:BD:64:80:C1
ValidityFri, 29 Mar 2024 00:00:00 GMT - Fri, 28 Mar 2025 23:59:59 GMT

File type
JavaScript source, ASCII text
Size
271 B (271 bytes)
Hash
82dec77fd0353c7c71ce053b8601387e
fbbca95419e1d0c042e0a5fdf10f380aca66188c
39f2b7b0fa78d37d0c84d2d6618bd635d86fd683d9bcdd5729850cb2a62522f7

HTTP Headers

GET /1707728419/stub.js HTTP/1.1
Host: radar.cedexis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 26 Apr 2024 07:06:37 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 12 Feb 2024 09:51:01 GMT
Vary: Accept-Encoding
ETag: W/"65c9ea05-186"
Expires: Fri, 10 May 2024 07:06:37 GMT
Cache-Control: max-age=1209600, public
Content-Encoding: gzip

v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/c65c754d498ddb25accb3498c1e7540b.png

185.244.209.62

200 OK

5.2 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/c65c754d498ddb25accb3498c1e7540b.png
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
PNG image data, 514 x 514, 8-bit colormap, non-interlaced
Size
5.2 kB (5202 bytes)
Hash
b9a636eef54b2844b571fe7de49184a7
bf653690790ced40eb3189da075a275d951d1607
001bfcdd52b658d46543a1aec889d35b73b3909b47097cc011b95e96fc9e3743

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/c65c754d498ddb25accb3498c1e7540b.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:37 GMT
content-type: image/png
content-length: 5202
last-modified: Wed, 28 Feb 2024 07:52:20 GMT
etag: "b9a636eef54b2844b571fe7de49184a7"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-04-03T07:12:40+00:00
traceparent: 00-4f3971d1d8de19302b214629ba45954d-d115afe098caab90-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/392fdb004d073448b345d2db7414a498.json

178.253.29.47

200 OK

822 B

URL GET HTTP/2
1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/392fdb004d073448b345d2db7414a498.json
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
822 B (822 bytes)
Hash
be781196159e458a9a157a93f6981363
54b5bb6ddb54aefb6dc1eeeab89afdf48079e959
71bf1763541ee0d4298863f03c291b09029668d448e8077518717b8810ac910f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/392fdb004d073448b345d2db7414a498.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push; postback_watcher=; platform_type=desktop; auid=sv0dL2YrUnolv+/GAxYvAg==; window_width=1280; che_g=a3f54059-17a6-5c44-ac45-8fe5053b6c2f; SESSION=3e23668a1857fc71d6c8ad32e8a4eb4b; sh.session.id=3533dd67-67c9-4ba7-94be-2d8671679d02; _glhf=1714132972; _ga_7JGWL9SV66=GS1.1.1714115197.1.0.1714115197.60.0.0; _ga=GA1.1.402892344.1714115197; ggru=146
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:37 GMT
content-type: application/json
content-length: 822
last-modified: Mon, 08 Apr 2024 09:13:00 GMT
etag: "be781196159e458a9a157a93f6981363"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2

1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/aecbb538226cb01dc9a85286edcff171.json

178.253.29.47

200 OK

182 B

URL GET HTTP/2
1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/aecbb538226cb01dc9a85286edcff171.json
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
182 B (182 bytes)
Hash
e4c69ca8e3916987138c95a26642f53a
411149ef1233c191122618916dc7fa4965a30f7c
9bbbe99b83a20d3d0bd65ab0b343de560c6d437a74a4835786bbd6a58bb0e08e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/aecbb538226cb01dc9a85286edcff171.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push; postback_watcher=; platform_type=desktop; auid=sv0dL2YrUnolv+/GAxYvAg==; window_width=1280; che_g=a3f54059-17a6-5c44-ac45-8fe5053b6c2f; SESSION=3e23668a1857fc71d6c8ad32e8a4eb4b; sh.session.id=3533dd67-67c9-4ba7-94be-2d8671679d02; _glhf=1714132972; _ga_7JGWL9SV66=GS1.1.1714115197.1.0.1714115197.60.0.0; _ga=GA1.1.402892344.1714115197; ggru=146
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:37 GMT
content-type: application/json
content-length: 182
last-modified: Tue, 11 Apr 2023 17:53:40 GMT
etag: "e4c69ca8e3916987138c95a26642f53a"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2

1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/deee851bab70137a6ff846c91be5a425.json

178.253.29.47

200 OK

184 B

URL GET HTTP/2
1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/deee851bab70137a6ff846c91be5a425.json
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
184 B (184 bytes)
Hash
36777c63209967831ddd2926e229b69b
7a59de3bd5fd0406a1becbd4fc6bdb49a996a0fa
c2087429233dc14f1ad96cf9b7d1f4ecf0f32fabab7fc37999644a488d10dbc2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/deee851bab70137a6ff846c91be5a425.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push; postback_watcher=; platform_type=desktop; auid=sv0dL2YrUnolv+/GAxYvAg==; window_width=1280; che_g=a3f54059-17a6-5c44-ac45-8fe5053b6c2f; SESSION=3e23668a1857fc71d6c8ad32e8a4eb4b; sh.session.id=3533dd67-67c9-4ba7-94be-2d8671679d02; _glhf=1714132972; _ga_7JGWL9SV66=GS1.1.1714115197.1.0.1714115197.60.0.0; _ga=GA1.1.402892344.1714115197; ggru=146
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:37 GMT
content-type: application/json
content-length: 184
last-modified: Thu, 09 Nov 2023 06:22:56 GMT
etag: "36777c63209967831ddd2926e229b69b"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.023
X-Firefox-Spdy: h2

widget.suphelper.top/sounds/new-message.mp3

104.18.39.72

200 OK

30 kB

URL GET HTTP/2
widget.suphelper.top/sounds/new-message.mp3
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
MPEG ADTS, layer III, v1, 192 kbps, 48 kHz, JntStereo
Size
30 kB (29952 bytes)
Hash
ef9af24dc7dbd24ffd99c832e1300351
f78744a5013038446c468de14f205f2d52373fd6
5049d7fe87a7327a291441181d1a328a15f46a21081b970502c540406011c9b9

HTTP Headers

GET /sounds/new-message.mp3 HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 26 Apr 2024 07:06:37 GMT
content-type: audio/mpeg
content-length: 29952
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=14400
last-modified: Wed, 24 Apr 2024 22:20:24 GMT
etag: W/"7500-18f123218ff"
cf-cache-status: HIT
age: 535
expires: Fri, 26 Apr 2024 11:06:37 GMT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a4bb3129b3569c-OSL
X-Firefox-Spdy: h2

1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/7ba58ff9bb84da78ec345b09d297b429.json

178.253.29.47

200 OK

7.9 kB

URL GET HTTP/2
1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/7ba58ff9bb84da78ec345b09d297b429.json
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
7.9 kB (7944 bytes)
Hash
dad3a9b077bc630619a2f0a6422b65ae
21ed76245ef3e318fe37ac6d145ffebeac627956
8db3ba27ae59a7f93f8dbe2f9a499b4e028717aa6c139eef0b78e1ec09eca758

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/7ba58ff9bb84da78ec345b09d297b429.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push; postback_watcher=; platform_type=desktop; auid=sv0dL2YrUnolv+/GAxYvAg==; window_width=1280; che_g=a3f54059-17a6-5c44-ac45-8fe5053b6c2f; SESSION=3e23668a1857fc71d6c8ad32e8a4eb4b; sh.session.id=3533dd67-67c9-4ba7-94be-2d8671679d02; _glhf=1714132972; _ga_7JGWL9SV66=GS1.1.1714115197.1.0.1714115197.60.0.0; _ga=GA1.1.402892344.1714115197; ggru=146
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:37 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Tue, 28 Nov 2023 09:26:45 GMT
etag: W/"dad3a9b077bc630619a2f0a6422b65ae"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/e5eb737e.css

185.244.209.62

200 OK

1.1 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/e5eb737e.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (5171), with no line terminators
Size
1.1 kB (1050 bytes)
Hash
5d231bea9b7df6bc1e9e74e3c0a231e1
2ef607f0c766fff1b4b1e90a2d98e7094c81721e
c43fd428fe6e9d25ddf385a1cf03891194126ebf9e83d086af655272e815445b

HTTP Headers

GET /_nuxt/desktop/default/css/e5eb737e.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:37 GMT
content-type: text/css
content-length: 1050
last-modified: Wed, 24 Apr 2024 11:16:26 GMT
etag: "6628ea0a-41a"
content-encoding: gzip
expires: Fri, 26 Apr 2024 08:08:31 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-098773a25f032f3948a6fab1c659169a-831a43ebc87cc9b5-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T08:08:31+00:00, 2024-04-25T10:16:10+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/81.9c6562bba5669b47.js

104.18.39.72

200 OK

19 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/81.9c6562bba5669b47.js
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
19 kB (18608 bytes)
Hash
0899e47864b8ff995fc02e03043b553f
a581249a54e422101e7baf1b028f1a54f10fd4e4
31a95b32a424beedd024a0b5a70de9e341d07d859eacb22bd9e249e83e468132

HTTP Headers

GET /_next/static/chunks/81.9c6562bba5669b47.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 26 Apr 2024 07:06:37 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://file-hosting-api-stage.kube.prod.cons.lan https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 09 Nov 2023 06:03:45 GMT
etag: W/"8f42-18bb2adf0eb"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 13487939
expires: Sat, 26 Apr 2025 07:06:37 GMT
server: cloudflare
cf-ray: 87a4bb30b942569c-OSL
X-Firefox-Spdy: h2

region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je44o0v897130004za200&_p=1714115196613&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=402892344.1714115197&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&sid=1714115197&sct=1&seg=0&dl=https%3A%2F%2F1xlite-660473.top%2Fen%2Fregistration%3Ftag%3Dd_1249669m_2896c_%255B%255DMS%255B%255Dnull%255B%255Dreg%255B%255Dgeneral%255B%255D17300_d60291_l71062_push&dt=1xBet%20registration%20%E1%90%89%20Sign%20up%201xBet%20%E1%90%89%201xlite-660473.top&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&tfd=4076

216.239.34.36

204 No Content

0 B

URL POST HTTP/2
region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je44o0v897130004za200&_p=1714115196613&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=402892344.1714115197&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&sid=1714115197&sct=1&seg=0&dl=https%3A%2F%2F1xlite-660473.top%2Fen%2Fregistration%3Ftag%3Dd_1249669m_2896c_%255B%255DMS%255B%255Dnull%255B%255Dreg%255B%255Dgeneral%255B%255D17300_d60291_l71062_push&dt=1xBet%20registration%20%E1%90%89%20Sign%20up%201xBet%20%E1%90%89%201xlite-660473.top&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&tfd=4076
IP
216.239.34.36:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint1E:33:2E:4B:C3:51:05:B7:73:DC:21:BF:3E:02:B3:16:D8:0B:AB:BB
ValidityMon, 18 Mar 2024 19:37:14 GMT - Mon, 10 Jun 2024 19:37:13 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je44o0v897130004za200&_p=1714115196613&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=402892344.1714115197&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&sid=1714115197&sct=1&seg=0&dl=https%3A%2F%2F1xlite-660473.top%2Fen%2Fregistration%3Ftag%3Dd_1249669m_2896c_%255B%255DMS%255B%255Dnull%255B%255Dreg%255B%255Dgeneral%255B%255D17300_d60291_l71062_push&dt=1xBet%20registration%20%E1%90%89%20Sign%20up%201xBet%20%E1%90%89%201xlite-660473.top&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&tfd=4076 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://1xlite-660473.top
date: Fri, 26 Apr 2024 07:06:37 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/aa6acd622b31a2a6ee8785b888acb885.json

178.253.29.47

200 OK

543 B

URL GET HTTP/2
1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/aa6acd622b31a2a6ee8785b888acb885.json
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
543 B (543 bytes)
Hash
2f999350fc2eea344d910e8a01de406d
bcfeaa8fadc7ca87115d7e36c955bd0df504b8ad
c73c55fa3a522662241013a108e6043dd4cde3fbfa2be0ed4a4940582e26ed36

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/aa6acd622b31a2a6ee8785b888acb885.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push; postback_watcher=; platform_type=desktop; auid=sv0dL2YrUnolv+/GAxYvAg==; window_width=1280; che_g=a3f54059-17a6-5c44-ac45-8fe5053b6c2f; SESSION=3e23668a1857fc71d6c8ad32e8a4eb4b; sh.session.id=3533dd67-67c9-4ba7-94be-2d8671679d02; _glhf=1714132972; _ga_7JGWL9SV66=GS1.1.1714115197.1.0.1714115197.60.0.0; _ga=GA1.1.402892344.1714115197; ggru=146
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:37 GMT
content-type: application/json
content-length: 543
last-modified: Thu, 29 Feb 2024 14:14:28 GMT
etag: "2f999350fc2eea344d910e8a01de406d"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.320
X-Firefox-Spdy: h2

1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/ba5c155521a3853fb5db8559f0fed629.json

178.253.29.47

200 OK

249 B

URL GET HTTP/2
1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/ba5c155521a3853fb5db8559f0fed629.json
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
249 B (249 bytes)
Hash
2209ca3135f40bfbb67fd12b887402a9
c50e4585ffcffda7271c68c2685ce7c4eab91138
85d2140ab013caf8951d9bafb1ea7f5e95518e694f095ad43ec3d29926741c36

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/ba5c155521a3853fb5db8559f0fed629.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push; postback_watcher=; platform_type=desktop; auid=sv0dL2YrUnolv+/GAxYvAg==; window_width=1280; che_g=a3f54059-17a6-5c44-ac45-8fe5053b6c2f; SESSION=3e23668a1857fc71d6c8ad32e8a4eb4b; sh.session.id=3533dd67-67c9-4ba7-94be-2d8671679d02; _glhf=1714132972; _ga_7JGWL9SV66=GS1.1.1714115197.1.0.1714115197.60.0.0; _ga=GA1.1.402892344.1714115197; ggru=146
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:37 GMT
content-type: application/json
content-length: 249
last-modified: Tue, 05 Sep 2023 10:23:36 GMT
etag: "2209ca3135f40bfbb67fd12b887402a9"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.284
X-Firefox-Spdy: h2

1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/e06c9d6a2655d78a28144abe88798172.json

178.253.29.47

200 OK

499 B

URL GET HTTP/2
1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/e06c9d6a2655d78a28144abe88798172.json
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
499 B (499 bytes)
Hash
e3d17d66f9e675ca9273e04470203275
e676da597ad577652921e9af98e79b986ec158ae
5c26acb3823aedc062268da24385061135d42171888bb5f5a0a8f63ba09c67d2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/e06c9d6a2655d78a28144abe88798172.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push; postback_watcher=; platform_type=desktop; auid=sv0dL2YrUnolv+/GAxYvAg==; window_width=1280; che_g=a3f54059-17a6-5c44-ac45-8fe5053b6c2f; SESSION=3e23668a1857fc71d6c8ad32e8a4eb4b; sh.session.id=3533dd67-67c9-4ba7-94be-2d8671679d02; _glhf=1714132972; _ga_7JGWL9SV66=GS1.1.1714115197.1.0.1714115197.60.0.0; _ga=GA1.1.402892344.1714115197; ggru=146
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:37 GMT
content-type: application/json
content-length: 499
last-modified: Mon, 05 Jun 2023 14:13:26 GMT
etag: "e3d17d66f9e675ca9273e04470203275"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.323
X-Firefox-Spdy: h2

1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/bd0cfa10966f2d8720b2c5663287c9e0.json

178.253.29.47

200 OK

958 B

URL GET HTTP/2
1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/bd0cfa10966f2d8720b2c5663287c9e0.json
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
958 B (958 bytes)
Hash
24ec1c171afe6836881e2fba1ed559a0
588a08d22de446d484f8f51402994f37ff2527c2
a0c14f5476683e6eb7381c1820c0e914c02911ab9d24170e61548e661017f96f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/bd0cfa10966f2d8720b2c5663287c9e0.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push; postback_watcher=; platform_type=desktop; auid=sv0dL2YrUnolv+/GAxYvAg==; window_width=1280; che_g=a3f54059-17a6-5c44-ac45-8fe5053b6c2f; SESSION=3e23668a1857fc71d6c8ad32e8a4eb4b; sh.session.id=3533dd67-67c9-4ba7-94be-2d8671679d02; _glhf=1714132972; _ga_7JGWL9SV66=GS1.1.1714115197.1.0.1714115197.60.0.0; _ga=GA1.1.402892344.1714115197; ggru=146
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:37 GMT
content-type: application/json
content-length: 958
last-modified: Tue, 18 Apr 2023 10:33:32 GMT
etag: "24ec1c171afe6836881e2fba1ed559a0"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.372
X-Firefox-Spdy: h2

1xlite-660473.top/seo-module-api/api/v1/title?group_id=285&ref_id=1&url=https:%2F%2F1xlite-660473.top%2Fen%2Fregistration&geo=no&language=en&domain=1xlite-660473.top&timezone=2&stream=user&section=registration&ref[id]=1&project[id]=285

178.253.29.47

200 OK

120 B

URL GET HTTP/2
1xlite-660473.top/seo-module-api/api/v1/title?group_id=285&ref_id=1&url=https:%2F%2F1xlite-660473.top%2Fen%2Fregistration&geo=no&language=en&domain=1xlite-660473.top&timezone=2&stream=user&section=registration&ref[id]=1&project[id]=285
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
120 B (120 bytes)
Hash
b6f738e763b4e9542957e2534d82ed3a
473feaa411cef5e56cc1cf78267a2545a57f7444
e6e555c1a718d40a6a95accdf05b3b753d457f4bd080be4e42aaf1a4b5e30c43

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /seo-module-api/api/v1/title?group_id=285&ref_id=1&url=https:%2F%2F1xlite-660473.top%2Fen%2Fregistration&geo=no&language=en&domain=1xlite-660473.top&timezone=2&stream=user&section=registration&ref[id]=1&project[id]=285 HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?type=fast
content-type: application/json
x-requested-with: XMLHttpRequest
x-geoip2-country-code: ru
sub-request-id: 9515630a84424047ba075b3533a60c0b
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push; platform_type=desktop; auid=sv0dL2YrUnolv+/GAxYvAg==; window_width=1280; che_g=a3f54059-17a6-5c44-ac45-8fe5053b6c2f; SESSION=3e23668a1857fc71d6c8ad32e8a4eb4b; sh.session.id=3533dd67-67c9-4ba7-94be-2d8671679d02; _glhf=1714132972; _ga_7JGWL9SV66=GS1.1.1714115197.1.1.1714115197.60.0.0; _ga=GA1.1.402892344.1714115197; ggru=146
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:38 GMT
content-type: application/json
content-length: 120
cache-control: max-age=1200, must-revalidate, public, s-maxage=1800, stale-if-error=86400, stale-while-revalidate=300
x-content-digest: en3721b364f48580dc0fe20d8836e3c07a
age: 0
x-request-id: 2a6fbf1ab260132d477e92b21f49531c
x-request-guid: 2a6fbf1ab260132d477e92b21f49531c
x-time-ng: 0.020
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: p;dur=16.292095184326, wf-uht;dur=0.033
X-Firefox-Spdy: h2

region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je44o0v897130004za200&_p=1714115196613&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=402892344.1714115197&ul=en-us&sr=1280x1024&pscdl=noapi&_eu=AEA&_s=2&sid=1714115197&sct=1&seg=0&dl=https%3A%2F%2F1xlite-660473.top%2Fen%2Fregistration%3Ftag%3Dd_1249669m_2896c_%255B%255DMS%255B%255Dnull%255B%255Dreg%255B%255Dgeneral%255B%255D17300_d60291_l71062_push&dt=1xBet%20registration%20%E1%90%89%20Sign%20up%201xBet%20%E1%90%89%201xlite-660473.top&en=scroll&ep.optimize_id=GTM-5R4MT54&epn.percent_scrolled=90&tfd=4952

216.239.34.36

204 No Content

0 B

URL POST HTTP/3
region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je44o0v897130004za200&_p=1714115196613&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=402892344.1714115197&ul=en-us&sr=1280x1024&pscdl=noapi&_eu=AEA&_s=2&sid=1714115197&sct=1&seg=0&dl=https%3A%2F%2F1xlite-660473.top%2Fen%2Fregistration%3Ftag%3Dd_1249669m_2896c_%255B%255DMS%255B%255Dnull%255B%255Dreg%255B%255Dgeneral%255B%255D17300_d60291_l71062_push&dt=1xBet%20registration%20%E1%90%89%20Sign%20up%201xBet%20%E1%90%89%201xlite-660473.top&en=scroll&ep.optimize_id=GTM-5R4MT54&epn.percent_scrolled=90&tfd=4952
IP
216.239.34.36:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint1E:33:2E:4B:C3:51:05:B7:73:DC:21:BF:3E:02:B3:16:D8:0B:AB:BB
ValidityMon, 18 Mar 2024 19:37:14 GMT - Mon, 10 Jun 2024 19:37:13 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je44o0v897130004za200&_p=1714115196613&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=402892344.1714115197&ul=en-us&sr=1280x1024&pscdl=noapi&_eu=AEA&_s=2&sid=1714115197&sct=1&seg=0&dl=https%3A%2F%2F1xlite-660473.top%2Fen%2Fregistration%3Ftag%3Dd_1249669m_2896c_%255B%255DMS%255B%255Dnull%255B%255Dreg%255B%255Dgeneral%255B%255D17300_d60291_l71062_push&dt=1xBet%20registration%20%E1%90%89%20Sign%20up%201xBet%20%E1%90%89%201xlite-660473.top&en=scroll&ep.optimize_id=GTM-5R4MT54&epn.percent_scrolled=90&tfd=4952 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/3 204 No Content
access-control-allow-origin: https://1xlite-660473.top
date: Fri, 26 Apr 2024 07:06:38 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

1xlite-660473.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json

178.253.29.47

200 OK

23 B

URL POST HTTP/2
1xlite-660473.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
23 B (23 bytes)
Hash
222d5656a36e8f9d6756068373ad8ab6
8d3b93fdb92da8ebc46dbb5e4d645ca1a556572a
2f0ec67232f28a21518ea12c8d5b74dd79328b62b1b7d94e9e9d999e9798082c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?type=fast
Content-Type: application/json
X-Lang: en
X-Uuid: c999fce1-1343-468a-9f8c-1974a73711eb
Content-Length: 187
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push; platform_type=desktop; auid=sv0dL2YrUnolv+/GAxYvAg==; window_width=1280; che_g=a3f54059-17a6-5c44-ac45-8fe5053b6c2f; SESSION=3e23668a1857fc71d6c8ad32e8a4eb4b; sh.session.id=3533dd67-67c9-4ba7-94be-2d8671679d02; _glhf=1714132972; _ga_7JGWL9SV66=GS1.1.1714115197.1.1.1714115197.60.0.0; _ga=GA1.1.402892344.1714115197; ggru=146
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:38 GMT
content-type: application/json
content-length: 23
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2

region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je44o0v897130004za200&_p=1714115196613&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=402892344.1714115197&ul=en-us&sr=1280x1024&pscdl=noapi&_s=3&sid=1714115197&sct=1&seg=1&dl=https%3A%2F%2F1xlite-660473.top%2Fen%2Fregistration%3Ftag%3Dd_1249669m_2896c_%255B%255DMS%255B%255Dnull%255B%255Dreg%255B%255Dgeneral%255B%255D17300_d60291_l71062_push&dt=1xBet%20registration%20%E1%90%89%20Sign%20up%201xBet%20%E1%90%89%201xlite-660473.top&dp=%2Fen%2Fregistration%3Ftype%3Dfast&en=page_view&_ee=1&ep.optimize_id=GTM-5R4MT54&tfd=5970

216.239.34.36

204 No Content

0 B

URL POST HTTP/3
region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je44o0v897130004za200&_p=1714115196613&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=402892344.1714115197&ul=en-us&sr=1280x1024&pscdl=noapi&_s=3&sid=1714115197&sct=1&seg=1&dl=https%3A%2F%2F1xlite-660473.top%2Fen%2Fregistration%3Ftag%3Dd_1249669m_2896c_%255B%255DMS%255B%255Dnull%255B%255Dreg%255B%255Dgeneral%255B%255D17300_d60291_l71062_push&dt=1xBet%20registration%20%E1%90%89%20Sign%20up%201xBet%20%E1%90%89%201xlite-660473.top&dp=%2Fen%2Fregistration%3Ftype%3Dfast&en=page_view&_ee=1&ep.optimize_id=GTM-5R4MT54&tfd=5970
IP
216.239.34.36:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint1E:33:2E:4B:C3:51:05:B7:73:DC:21:BF:3E:02:B3:16:D8:0B:AB:BB
ValidityMon, 18 Mar 2024 19:37:14 GMT - Mon, 10 Jun 2024 19:37:13 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je44o0v897130004za200&_p=1714115196613&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=402892344.1714115197&ul=en-us&sr=1280x1024&pscdl=noapi&_s=3&sid=1714115197&sct=1&seg=1&dl=https%3A%2F%2F1xlite-660473.top%2Fen%2Fregistration%3Ftag%3Dd_1249669m_2896c_%255B%255DMS%255B%255Dnull%255B%255Dreg%255B%255Dgeneral%255B%255D17300_d60291_l71062_push&dt=1xBet%20registration%20%E1%90%89%20Sign%20up%201xBet%20%E1%90%89%201xlite-660473.top&dp=%2Fen%2Fregistration%3Ftype%3Dfast&en=page_view&_ee=1&ep.optimize_id=GTM-5R4MT54&tfd=5970 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/3 204 No Content
access-control-allow-origin: https://1xlite-660473.top
date: Fri, 26 Apr 2024 07:06:39 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/44842eb421aa5c1442fe7b7bb1b74ada.json

178.253.29.47

200 OK

7.7 kB

URL GET HTTP/2
1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/44842eb421aa5c1442fe7b7bb1b74ada.json
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
7.7 kB (7663 bytes)
Hash
7d9a4e78115fd37cd8c13744652d88fd
7e54aedba90e5b0e5e83260e10ede352c5af51eb
12e8247b4c575bf1a0a35b0d15199a2f375a2fb0ee8a18b5a38f9f7d9aaaf1e8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/44842eb421aa5c1442fe7b7bb1b74ada.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push; postback_watcher=; platform_type=desktop; auid=sv0dL2YrUnolv+/GAxYvAg==; window_width=1280; che_g=a3f54059-17a6-5c44-ac45-8fe5053b6c2f; SESSION=3e23668a1857fc71d6c8ad32e8a4eb4b; sh.session.id=3533dd67-67c9-4ba7-94be-2d8671679d02; _glhf=1714132972; _ga_7JGWL9SV66=GS1.1.1714115197.1.0.1714115197.60.0.0; _ga=GA1.1.402892344.1714115197; ggru=146
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:37 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Tue, 14 Nov 2023 10:53:14 GMT
etag: W/"7d9a4e78115fd37cd8c13744652d88fd"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.373
X-Firefox-Spdy: h2

1xlite-660473.top/web-api/session

178.253.29.47

204 No Content

0 B

URL GET HTTP/2
1xlite-660473.top/web-api/session
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/session HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?type=fast
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push; platform_type=desktop; auid=sv0dL2YrUnolv+/GAxYvAg==; window_width=1280; che_g=a3f54059-17a6-5c44-ac45-8fe5053b6c2f; SESSION=3e23668a1857fc71d6c8ad32e8a4eb4b; sh.session.id=3533dd67-67c9-4ba7-94be-2d8671679d02; _glhf=1714132972; _ga_7JGWL9SV66=GS1.1.1714115197.1.1.1714115198.59.0.0; _ga=GA1.1.402892344.1714115197; ggru=146
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Fri, 26 Apr 2024 07:06:44 GMT
cache-control: no-cache, private
server-timing: p;dur=14, dt_total;dur=19.558, wf-uht;dur=0.028
traceparent: 00-2594298c46917cd38b86095922cc8e6c-52eb42913d8470cc-01
x-dt: 285
x-time-ng: 0.019
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je44o0v897130004za200&_p=1714115196613&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=402892344.1714115197&ul=en-us&sr=1280x1024&pscdl=noapi&_eu=AEA&_s=4&dl=https%3A%2F%2F1xlite-660473.top%2Fen%2Fregistration%3Ftype%3Dfast&dr=https%3A%2F%2F1xlite-660473.top%2Fen%2Fregistration%3Ftag%3Dd_1249669m_2896c_%255B%255DMS%255B%255Dnull%255B%255Dreg%255B%255Dgeneral%255B%255D17300_d60291_l71062_push&sid=1714115197&sct=1&seg=1&dt=1xBet%20registration%20%E1%90%89%20Sign%20up%201xBet%20%E1%90%89%201xlite-660473.top&dp=%2Fen%2Fregistration%3Ftype%3Dfast&en=page_view&ep.optimize_id=GTM-5R4MT54&tfd=10972

216.239.34.36

204 No Content

0 B

URL POST HTTP/3
region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je44o0v897130004za200&_p=1714115196613&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=402892344.1714115197&ul=en-us&sr=1280x1024&pscdl=noapi&_eu=AEA&_s=4&dl=https%3A%2F%2F1xlite-660473.top%2Fen%2Fregistration%3Ftype%3Dfast&dr=https%3A%2F%2F1xlite-660473.top%2Fen%2Fregistration%3Ftag%3Dd_1249669m_2896c_%255B%255DMS%255B%255Dnull%255B%255Dreg%255B%255Dgeneral%255B%255D17300_d60291_l71062_push&sid=1714115197&sct=1&seg=1&dt=1xBet%20registration%20%E1%90%89%20Sign%20up%201xBet%20%E1%90%89%201xlite-660473.top&dp=%2Fen%2Fregistration%3Ftype%3Dfast&en=page_view&ep.optimize_id=GTM-5R4MT54&tfd=10972
IP
216.239.34.36:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint1E:33:2E:4B:C3:51:05:B7:73:DC:21:BF:3E:02:B3:16:D8:0B:AB:BB
ValidityMon, 18 Mar 2024 19:37:14 GMT - Mon, 10 Jun 2024 19:37:13 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je44o0v897130004za200&_p=1714115196613&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=402892344.1714115197&ul=en-us&sr=1280x1024&pscdl=noapi&_eu=AEA&_s=4&dl=https%3A%2F%2F1xlite-660473.top%2Fen%2Fregistration%3Ftype%3Dfast&dr=https%3A%2F%2F1xlite-660473.top%2Fen%2Fregistration%3Ftag%3Dd_1249669m_2896c_%255B%255DMS%255B%255Dnull%255B%255Dreg%255B%255Dgeneral%255B%255D17300_d60291_l71062_push&sid=1714115197&sct=1&seg=1&dt=1xBet%20registration%20%E1%90%89%20Sign%20up%201xBet%20%E1%90%89%201xlite-660473.top&dp=%2Fen%2Fregistration%3Ftype%3Dfast&en=page_view&ep.optimize_id=GTM-5R4MT54&tfd=10972 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/3 204 No Content
access-control-allow-origin: https://1xlite-660473.top
date: Fri, 26 Apr 2024 07:06:44 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

v3.traincdn.com/_nuxt/desktop/default/vendors/conversion-c1b13bbc.js

185.244.209.62

200 OK

67 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/conversion-c1b13bbc.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Size
67 kB (66631 bytes)
Hash
770cae056135fc518ad14933ba614b1f
210efe80b13338caa77279c4f9f89359f5537baa
a42fa9336cfcae84bf3d7e45164a21b51b754fcdb2ed97824d183698b3d7ed20

HTTP Headers

GET /_nuxt/desktop/default/vendors/conversion-c1b13bbc.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:44 GMT
content-type: application/javascript; charset=utf-8
content-length: 66631
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-10447"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:46 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-769cf7e8bba7d3b073e047256a31fd56-70edf89df4898217-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:46+00:00, 2024-04-25T14:33:04+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/e781b67ba2558128946fd2f9d870ffcb.json

178.253.29.47

200 OK

5.8 kB

URL GET HTTP/2
1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/e781b67ba2558128946fd2f9d870ffcb.json
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
5.8 kB (5803 bytes)
Hash
9e5da15e44d6b6bab0cfc7c07ba9495d
4a67254b45112089d0833028de0c9c81acb930a3
0d51ae7eaa1511001f9b8b562a49d1b55d177a655f26035364485f02d5384af9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/e781b67ba2558128946fd2f9d870ffcb.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push; postback_watcher=; platform_type=desktop; auid=sv0dL2YrUnolv+/GAxYvAg==; window_width=1280; che_g=a3f54059-17a6-5c44-ac45-8fe5053b6c2f; SESSION=3e23668a1857fc71d6c8ad32e8a4eb4b; sh.session.id=3533dd67-67c9-4ba7-94be-2d8671679d02; _glhf=1714132972; _ga_7JGWL9SV66=GS1.1.1714115197.1.0.1714115197.60.0.0; _ga=GA1.1.402892344.1714115197; ggru=146
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:37 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Sat, 20 Apr 2024 09:17:16 GMT
etag: W/"9e5da15e44d6b6bab0cfc7c07ba9495d"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.023
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2

185.244.209.62

200 OK

64 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63748, version 1.0
Size
64 kB (63748 bytes)
Hash
6887b6f24414dbc612dbf42ccdc76b70
8068d3abfbc6cbf35b55919da45b1f4d2d136238
fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:45 GMT
content-type: font/woff2
content-length: 63748
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "6887b6f24414dbc612dbf42ccdc76b70"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-b266e2b0d973f38b7bcc46513f1105f7-98f1abe429f5e360-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:13:59+00:00, 2024-04-26T06:14:08+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2

185.244.209.62

200 OK

65 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 64732, version 1.0
Size
65 kB (64732 bytes)
Hash
3ac5d40d1b3966fc5eb09ecca74d9cbf
a69f32357765dd321519889aeacba5e9ca893bb0
3310766b8f58538d07abded74a2babe1acbe1a3ee820d5b8c8265da666f4fb0c

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:45 GMT
content-type: font/woff2
content-length: 64732
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "3ac5d40d1b3966fc5eb09ecca74d9cbf"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-d9db0fe78f6e5449dabebae656005ac2-9a3a85bf4d9aa05f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:56:30+00:00, 2024-04-26T06:35:58+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/70cc184946a72f3e0ae5a0da994aaa1b.json

178.253.29.47

200 OK

64 kB

URL GET HTTP/2
1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/70cc184946a72f3e0ae5a0da994aaa1b.json
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
64 kB (64293 bytes)
Hash
c0aa52a31825f5f29cad8c3be64f055b
570b76f24ecb201b196783959338e1635e7554a7
a34d4d18f7ebebd5d5e8c5daebbf27603a93a552d69b84989612d76b438ced03

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/70cc184946a72f3e0ae5a0da994aaa1b.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push; postback_watcher=; platform_type=desktop; auid=sv0dL2YrUnolv+/GAxYvAg==; window_width=1280; che_g=a3f54059-17a6-5c44-ac45-8fe5053b6c2f; SESSION=3e23668a1857fc71d6c8ad32e8a4eb4b; sh.session.id=3533dd67-67c9-4ba7-94be-2d8671679d02; _glhf=1714132972; _ga_7JGWL9SV66=GS1.1.1714115197.1.0.1714115197.60.0.0; _ga=GA1.1.402892344.1714115197; ggru=146
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:37 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Thu, 01 Feb 2024 15:32:25 GMT
etag: W/"c0aa52a31825f5f29cad8c3be64f055b"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.318
X-Firefox-Spdy: h2

1xlite-660473.top/hd-api/external/api/web/v1/j/38di15402h0505253d6595bfeaa2beee079c187d22ba8afd3c5d

178.253.29.47

200 OK

516 B

URL POST HTTP/2
1xlite-660473.top/hd-api/external/api/web/v1/j/38di15402h0505253d6595bfeaa2beee079c187d22ba8afd3c5d
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
516 B (516 bytes)
Hash
7eca37b10fc7f01dc186638f1f70e7db
e4fda726f59e341a54b6acf3305ab188d276aa72
3f09bc5d9b07f8e66b6faf5c1e80fff41fb52b149ac13801ceed6e1ba10c6b79

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /hd-api/external/api/web/v1/j/38di15402h0505253d6595bfeaa2beee079c187d22ba8afd3c5d HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?type=fast
X-Requested-With: XMLHttpRequest
Content-Type: application/json
Content-Length: 105936
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push; platform_type=desktop; auid=sv0dL2YrUnolv+/GAxYvAg==; window_width=1280; che_g=a3f54059-17a6-5c44-ac45-8fe5053b6c2f; SESSION=3e23668a1857fc71d6c8ad32e8a4eb4b; sh.session.id=3533dd67-67c9-4ba7-94be-2d8671679d02; _glhf=1714132972; _ga_7JGWL9SV66=GS1.1.1714115197.1.1.1714115198.59.0.0; _ga=GA1.1.402892344.1714115197; ggru=146
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:46 GMT
content-type: application/json
content-length: 516
content-encoding: gzip
traceparent: 00-942b2faf843f968e78a386b659b58354-240463a73d31958c-01
vary: Accept-Encoding
x-dt: 285
x-request-guid: 2724883d3e11902e86917a291ada713a
x-time-ng: 0.052
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=59.483, wf-uht;dur=0.084
X-Firefox-Spdy: h2

1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/b588fb81207704b9bc3e220b71966696.json

178.253.29.47

200 OK

19 kB

URL GET HTTP/2
1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/b588fb81207704b9bc3e220b71966696.json
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
19 kB (19210 bytes)
Hash
82be680bc6bd32b65cef0e3bda368678
5f5ac335405d9c792b43b6aee8d5ab64ac42e5ba
12800d3ad8e368dc1541e334f8f6f669549da16f62b4dae2ebb9929bd88322c7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/b588fb81207704b9bc3e220b71966696.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push; postback_watcher=; platform_type=desktop; auid=sv0dL2YrUnolv+/GAxYvAg==; window_width=1280; che_g=a3f54059-17a6-5c44-ac45-8fe5053b6c2f; SESSION=3e23668a1857fc71d6c8ad32e8a4eb4b; sh.session.id=3533dd67-67c9-4ba7-94be-2d8671679d02; _glhf=1714132972; _ga_7JGWL9SV66=GS1.1.1714115197.1.0.1714115197.60.0.0; _ga=GA1.1.402892344.1714115197; ggru=146
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:37 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Mon, 30 Oct 2023 14:20:28 GMT
etag: W/"82be680bc6bd32b65cef0e3bda368678"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.367
X-Firefox-Spdy: h2

1xlite-660473.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json

178.253.29.47

200 OK

23 B

URL POST HTTP/2
1xlite-660473.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
23 B (23 bytes)
Hash
0e2bb312d611a9c8c4b7437836d322d3
3921698d74290b5eb81ea0b40ac67079aa9cc02c
73695821570eb441fc039031d57c58ac78e49cac1becdf80419d11441d652bd4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?type=fast
Content-Type: application/json
X-Lang: en
X-Uuid: c999fce1-1343-468a-9f8c-1974a73711eb
Content-Length: 99
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push; platform_type=desktop; auid=sv0dL2YrUnolv+/GAxYvAg==; window_width=1280; che_g=a3f54059-17a6-5c44-ac45-8fe5053b6c2f; SESSION=3e23668a1857fc71d6c8ad32e8a4eb4b; sh.session.id=3533dd67-67c9-4ba7-94be-2d8671679d02; _glhf=1714132972; _ga_7JGWL9SV66=GS1.1.1714115197.1.1.1714115198.59.0.0; _ga=GA1.1.402892344.1714115197; ggru=146
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:48 GMT
content-type: application/json
content-length: 23
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/pages/_app-a10a22844227e6a6.js

104.18.39.72

200 OK

1.0 MB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/pages/_app-a10a22844227e6a6.js
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
1.0 MB (1015847 bytes)
Hash
0a8ec60f8885a9417bae7ec2a3981f82
ef0fa91cda49946611fe1cd09819cfdaf8a1c6f5
15d73072cdad0ee70bdc75731a1c2d81326b0b1391b668cd36c639a321105259

HTTP Headers

GET /_next/static/chunks/pages/_app-a10a22844227e6a6.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 07:06:37 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 24 Apr 2024 22:20:24 GMT
etag: W/"f8027-18f12321a97"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 89336
expires: Sat, 26 Apr 2025 07:06:37 GMT
server: cloudflare
cf-ray: 87a4bb2d8dfe569c-OSL
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/webpack-fb94d2f19425a3e3.js

104.18.39.72

200 OK

3.8 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/webpack-fb94d2f19425a3e3.js
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (3855), with no line terminators
Size
3.8 kB (3792 bytes)
Hash
7288e202ab8e4cf1b7f60eed709e0986
c10effeb29bf129a7c81688b9f3a7d5485272e87
56e695b4675b50d55a92f006109771a67da822050f5ae03fd2ad02c1a9565b58

HTTP Headers

GET /_next/static/chunks/webpack-fb94d2f19425a3e3.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 07:06:37 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://file-hosting-api-stage.kube.prod.cons.lan https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 09 Nov 2023 06:03:45 GMT
etag: W/"ed0-18bb2adf0eb"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 13489786
expires: Sat, 26 Apr 2025 07:06:37 GMT
server: cloudflare
cf-ray: 87a4bb2d8de1569c-OSL
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/1743016e-d00d67a74426f155.js

104.18.39.72

200 OK

481 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/1743016e-d00d67a74426f155.js
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
481 kB (480579 bytes)
Hash
46260bb46d51262abee818c0c3bcf1c6
fe3be222aec74704fad1fa2559788b1fa287094a
20700e65659e04d422580d9c792ba811b7b76de4ec1b3163c284af83bd5a7d6c

HTTP Headers

GET /_next/static/chunks/1743016e-d00d67a74426f155.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 07:06:37 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 17 Jan 2024 06:19:55 GMT
etag: W/"75543-18d161388b8"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 8640145
expires: Sat, 26 Apr 2025 07:06:37 GMT
server: cloudflare
cf-ray: 87a4bb2d8e0d569c-OSL
X-Firefox-Spdy: h2

1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/2903bfe80b6e7c82e302d5e50a0c0a15.json

178.253.29.47

200 OK

3.5 kB

URL GET HTTP/2
1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/2903bfe80b6e7c82e302d5e50a0c0a15.json
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
ASCII text, with very long lines (3821), with no line terminators
Size
3.5 kB (3484 bytes)
Hash
f342ac5d01dcda4500f8848382fbf264
7e6b6104b4d0bf5308c9255611771bdb105517de
3710268c1a1858520b32780c7ce6c4bc0e456ce106be2b51c5554663b4c02a41

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/2903bfe80b6e7c82e302d5e50a0c0a15.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push; postback_watcher=; platform_type=desktop; auid=sv0dL2YrUnolv+/GAxYvAg==; window_width=1280; che_g=a3f54059-17a6-5c44-ac45-8fe5053b6c2f; SESSION=3e23668a1857fc71d6c8ad32e8a4eb4b; sh.session.id=3533dd67-67c9-4ba7-94be-2d8671679d02; _glhf=1714132972; _ga_7JGWL9SV66=GS1.1.1714115197.1.0.1714115197.60.0.0; _ga=GA1.1.402892344.1714115197; ggru=146
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:37 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Thu, 04 Apr 2024 06:25:42 GMT
etag: W/"4ceca6711e35f002e5d82e7e710000c1"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2

v3.traincdn.com/sfiles/games-images/game-animations/game-85-animation.svg

185.244.209.62

200 OK

14 kB

URL GET HTTP/2
v3.traincdn.com/sfiles/games-images/game-animations/game-85-animation.svg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
14 kB (14308 bytes)
Hash
9e7af5cc8f19e556b8696b1f616368bb
5dfc0391d0b038c0a854280a40cd89a6e5ed970e
bfb06010ec5c7f94e57ce0ee75b270c76559d76e8e49e8085866bc11408345fb

HTTP Headers

GET /sfiles/games-images/game-animations/game-85-animation.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:36 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Jan 2024 13:34:39 GMT
etag: W/"9e7af5cc8f19e556b8696b1f616368bb"
x-amz-meta-origin-date-iso8601: 2024-01-24T13:05:40.000Z
expires: Fri, 19 Apr 2024 00:06:27 GMT
cache-control: max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-a6fb7050753b216efa31bc92a2139b94-5d43cc27afbe8689-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T03:23:59+00:00, 2024-04-26T00:36:40+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Cyber.Game/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboar/ff3e75d4-3bf76071.js

185.244.209.62

200 OK

32 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Cyber.Game/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboar/ff3e75d4-3bf76071.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type

Size
32 kB (32236 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /_nuxt/desktop/default/vendors/Page.Cyber.Game/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboar/ff3e75d4-3bf76071.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:37 GMT
content-type: application/javascript; charset=utf-8
content-length: 7382
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-1cd6"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:39 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-95bbcfe3ef8bc58b96321a35e2beea9c-d79858d1beee6a65-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:39+00:00, 2024-04-25T14:32:56+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/7413e8b9-8adee4b5b5407a55.js

104.18.39.72

200 OK

78 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/7413e8b9-8adee4b5b5407a55.js
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
78 kB (77801 bytes)
Hash
dc6852529f28802d37affa5953d07260
4edd220fe8df4b009a1775ebe57f19d40999659f
4aefb18221e4fb46818b0f52302b7c7717e45701e26990726cce645d8c80ed84

HTTP Headers

GET /_next/static/chunks/7413e8b9-8adee4b5b5407a55.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 07:06:37 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 17 Jan 2024 06:19:55 GMT
etag: W/"12fe9-18d161388b8"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 8642600
expires: Sat, 26 Apr 2025 07:06:37 GMT
server: cloudflare
cf-ray: 87a4bb2d8e14569c-OSL
X-Firefox-Spdy: h2

1xlite-660473.top/web-api/api/v3/bonuses/welcome-bonuses

178.253.29.47

200 OK

675 B

URL GET HTTP/2
1xlite-660473.top/web-api/api/v3/bonuses/welcome-bonuses
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (769), with no line terminators
Size
675 B (675 bytes)
Hash
1e6e14eba274fc1ddb4d1fd9798ba788
9a9ea308099bd2de7a9861293324e153b276d91a
c3595ff52dc75767b58ffbf178a083df55e10d8d6dbcf76b24b0a76a5f9d9481

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/api/v3/bonuses/welcome-bonuses HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push; postback_watcher=; platform_type=desktop; auid=sv0dL2YrUnolv+/GAxYvAg==; window_width=1280; che_g=a3f54059-17a6-5c44-ac45-8fe5053b6c2f; SESSION=3e23668a1857fc71d6c8ad32e8a4eb4b
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:36 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=18, dt_total;dur=67.637, wf-uht;dur=0.076
traceparent: 00-5cefe42836aaacf32f92d07e8028ac97-8c10250e03f952b7-01
x-dt: 285
x-time-ng: 0.049
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/724286ac/_middlewareManifest.js

104.18.39.72

200 OK

92 B

URL GET HTTP/2
widget.suphelper.top/_next/static/724286ac/_middlewareManifest.js
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
ASCII text, with no line terminators
Size
92 B (92 bytes)
Hash
7c3f7e060745668041278118c0bb3d6d
e639f56695b3cc30d78dce7a0084aa8299a1311a
de5341313a4dc5d982ca50ae4a491e84bc5e80b0f439d87f05fc3973c1b7e59a

HTTP Headers

GET /_next/static/724286ac/_middlewareManifest.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 07:06:37 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 24 Apr 2024 22:20:24 GMT
etag: W/"5c-18f12321a93"
vary: Accept-Encoding
cf-cache-status: HIT
age: 89336
expires: Sat, 26 Apr 2025 07:06:37 GMT
server: cloudflare
cf-ray: 87a4bb2d9e2d569c-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/main-fa1d3b21fd97b583.js

104.18.39.72

200 OK

108 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/main-fa1d3b21fd97b583.js
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
108 kB (107844 bytes)
Hash
83680ce862de40c43fc92e04b1ad0a3d
67eb6762545f4e1fee446794f4738d0f0577b6b4
e70f39978f08895aef6849daf891af65bff03e476eb9b1384dfb36cd4ac9fe75

HTTP Headers

GET /_next/static/chunks/main-fa1d3b21fd97b583.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 07:06:37 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://file-hosting-api-stage.kube.prod.cons.lan https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 09 Nov 2023 06:03:45 GMT
etag: W/"1a544-18bb2adf0eb"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 13398664
expires: Sat, 26 Apr 2025 07:06:37 GMT
server: cloudflare
cf-ray: 87a4bb2d8def569c-OSL
X-Firefox-Spdy: h2

1xlite-660473.top/web-api/registration/fields

178.253.29.47

200 OK

32 kB

URL POST HTTP/2
1xlite-660473.top/web-api/registration/fields
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
32 kB (32009 bytes)
Hash
3b5fc74c6bee5ffbc649f663e5f6c1a3
0f00adb4eb180726ecd2abcc2317a29beceb13bd
fe1005c8a0940ff6384b2b89aa744d692b9aed79f1d72cecfa11d1bb11fa7294

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /web-api/registration/fields HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push
content-type: application/json
x-requested-with: XMLHttpRequest
Content-Length: 19
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push; postback_watcher=; platform_type=desktop; auid=sv0dL2YrUnolv+/GAxYvAg==; window_width=1280; che_g=a3f54059-17a6-5c44-ac45-8fe5053b6c2f; SESSION=3e23668a1857fc71d6c8ad32e8a4eb4b; sh.session.id=3533dd67-67c9-4ba7-94be-2d8671679d02; _glhf=1714132972; _ga_7JGWL9SV66=GS1.1.1714115197.1.0.1714115197.60.0.0; _ga=GA1.1.402892344.1714115197; ggru=146
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:37 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: p;dur=69, dt_total;dur=72.359, wf-uht;dur=0.083
traceparent: 00-81f378d1594f087da21370cf0465413a-0f1b3a3506234e96-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.071
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

1xlite-660473.top/web-api/user/secure

178.253.29.47

200 OK

58 B

URL POST HTTP/2
1xlite-660473.top/web-api/user/secure
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
58 B (58 bytes)
Hash
cc281b2e634f5b91f270c1bb3132a3e9
997fc6b9edf0f2201031d8ae277497cc01be9e40
2238de29344c305546c1c9817ce826028ba1f4229863496a985e3179598cb4f6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /web-api/user/secure HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push
content-type: application/json
x-requested-with: XMLHttpRequest
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push; postback_watcher=; platform_type=desktop; auid=sv0dL2YrUnolv+/GAxYvAg==; window_width=1280; che_g=a3f54059-17a6-5c44-ac45-8fe5053b6c2f; SESSION=3e23668a1857fc71d6c8ad32e8a4eb4b
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:36 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: p;dur=16, dt_total;dur=17.505, wf-uht;dur=0.128
set-cookie: _glhf=1714132972; expires=Fri, 26-Apr-2024 08:06:36 GMT; Max-Age=3600; path=/
traceparent: 00-630fa4029619be50e94fbc7bb0991b95-a146e21e26959387-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.017
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

1xlite-660473.top/web-api/registration

178.253.29.47

200 OK

3.8 kB

URL POST HTTP/2
1xlite-660473.top/web-api/registration
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
Unicode text, UTF-8 text, with very long lines (4058), with no line terminators
Size
3.8 kB (3772 bytes)
Hash
c91b62d7c02f9f0a08ae126457f5b01a
62b4b29ff1bb55e5a2e89a45c59ad009cfb1de4c
409a0c79e02712ab1e645817fcd05b5875bd78467177e1def855088a823e04e0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /web-api/registration HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push
content-type: application/json
x-requested-with: XMLHttpRequest
Content-Length: 18
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push; postback_watcher=; platform_type=desktop; auid=sv0dL2YrUnolv+/GAxYvAg==; window_width=1280; che_g=a3f54059-17a6-5c44-ac45-8fe5053b6c2f; SESSION=3e23668a1857fc71d6c8ad32e8a4eb4b; sh.session.id=3533dd67-67c9-4ba7-94be-2d8671679d02; _glhf=1714132972; _ga_7JGWL9SV66=GS1.1.1714115197.1.0.1714115197.60.0.0; _ga=GA1.1.402892344.1714115197
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:37 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=29, dt_total;dur=30.834, wf-uht;dur=0.044
traceparent: 00-fae5ba7927a0ad6484f9c4d7385659cb-5b8cd8709c9bf0d9-01
x-dt: 285
x-time-ng: 0.031
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/af2e2c975cf016bc339c96b6992e1e47.json

178.253.29.47

200 OK

1.5 kB

URL GET HTTP/2
1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/af2e2c975cf016bc339c96b6992e1e47.json
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
ASCII text, with very long lines (1638), with no line terminators
Size
1.5 kB (1494 bytes)
Hash
1c21f311ce7d2fce86538083de17fbcc
ac92eb66bd5dc5221bb1c6106f951876b3fa083c
5298ed1b0e5f830e5fcc0e7247e439bfacf590a5a30eae05fcc49dfcae2d0d4d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/af2e2c975cf016bc339c96b6992e1e47.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push; postback_watcher=; platform_type=desktop; auid=sv0dL2YrUnolv+/GAxYvAg==; window_width=1280; che_g=a3f54059-17a6-5c44-ac45-8fe5053b6c2f; SESSION=3e23668a1857fc71d6c8ad32e8a4eb4b; sh.session.id=3533dd67-67c9-4ba7-94be-2d8671679d02; _glhf=1714132972; _ga_7JGWL9SV66=GS1.1.1714115197.1.0.1714115197.60.0.0; _ga=GA1.1.402892344.1714115197; ggru=146
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:37 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Fri, 12 May 2023 15:17:16 GMT
etag: W/"b0a50f5239a6ca38097f89684eae43e4"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.401
X-Firefox-Spdy: h2

widget.suphelper.top/services/widget/v2/most-required?projectId=5b61b42ffdf00b25dc78f342&credentials=%7B%22$type%22:%22GuestCredentials%22,%22id%22:%223533dd67-67c9-4ba7-94be-2d8671679d02%22%7D

104.18.39.72

200 OK

24 B

URL GET HTTP/2
widget.suphelper.top/services/widget/v2/most-required?projectId=5b61b42ffdf00b25dc78f342&credentials=%7B%22$type%22:%22GuestCredentials%22,%22id%22:%223533dd67-67c9-4ba7-94be-2d8671679d02%22%7D
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
24 B (24 bytes)
Hash
d6bacfff68d40ad2744454c2506cc0f9
85f1f094d174fd4d78bd382c7948b95e9db93215
cd0483a083f6c73e9cd006ee073b875188c49f4025f771ecbcb795d40ac980ed

HTTP Headers

GET /services/widget/v2/most-required?projectId=5b61b42ffdf00b25dc78f342&credentials=%7B%22$type%22:%22GuestCredentials%22,%22id%22:%223533dd67-67c9-4ba7-94be-2d8671679d02%22%7D HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 07:06:37 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 87a4bb30a937569c-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/6a3b01d318b759a5d8cbcd76fd908037.json

178.253.29.47

200 OK

2.1 kB

URL GET HTTP/2
1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/6a3b01d318b759a5d8cbcd76fd908037.json
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
ASCII text, with very long lines (2345), with no line terminators
Size
2.1 kB (2128 bytes)
Hash
f28a40d30a99fab8a5ccced08db52f77
063e77333797a10e097679a1e4d17269fc6d3b6b
a46ea2afe2103a473c90b17137f840e29d578a74d191daac521d45e9d3cf1d6c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/6a3b01d318b759a5d8cbcd76fd908037.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push; postback_watcher=; platform_type=desktop; auid=sv0dL2YrUnolv+/GAxYvAg==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:35 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Wed, 28 Feb 2024 21:42:45 GMT
etag: W/"eec4805fe0f6e17d5ade92a382f5b068"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.014
X-Firefox-Spdy: h2

1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push

178.253.29.47

200 OK

646 kB

URL User Request GET HTTP/2
1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type

Size
646 kB (645939 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:34 GMT
content-type: text/html; charset=utf-8
content-encoding: br
server-timing: total;dur=574;desc="Nuxt Server Time", dt_total;dur=599.244, wf-uht;dur=0.633
set-cookie: lng=en; Path=/
cookies_agree_type=3; Path=/
tzo=2; Path=/
is12h=0; Path=/
referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; Path=/; Expires=Tue, 25 Jun 2024 07:06:34 GMT
reflinkid=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push; Path=/; Expires=Fri, 26 Apr 2024 08:06:34 GMT
postback_watcher=; Path=/; Expires=Fri, 26 Apr 2024 07:06:38 GMT
platform_type=desktop; Path=/; Expires=Mon, 29 Apr 2024 07:06:34 GMT; Secure; SameSite=None; Partitioned
auid=sv0dL2YrUnolv+/GAxYvAg==; path=/; secure; httponly; samesite=lax
traceparent: 00-210c2dfa34f9c3b9c6336dc9c64d1d89-664ed7ffdd29dae8-01
vary: Accept-Encoding
x-dt: 285
x-frame-options: SAMEORIGIN
x-time-ng: 0.598
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

1xlite-660473.top/web-api/default/img/icons/pixels2.svg?v=1714115196

178.253.29.47

200 OK

90 B

URL GET HTTP/2
1xlite-660473.top/web-api/default/img/icons/pixels2.svg?v=1714115196
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
PNG image data, 1 x 1, 8-bit/color RGB, non-interlaced
Size
90 B (90 bytes)
Hash
e45f90dcbe718dea3476c4b69b501a4e
e9af26a93c467a77e4733ec537f4f5ce7a4ba089
a439dd8761d9fd4ff88e82e83200877703594491065880dbd4e59ddf4ce1b204

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/default/img/icons/pixels2.svg?v=1714115196 HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push; postback_watcher=; platform_type=desktop; auid=sv0dL2YrUnolv+/GAxYvAg==; window_width=1280; che_g=a3f54059-17a6-5c44-ac45-8fe5053b6c2f; SESSION=3e23668a1857fc71d6c8ad32e8a4eb4b
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:36 GMT
content-type: image/png
cache-control: no-cache, private
server-timing: p;dur=15, dt_total;dur=20.999, wf-uht;dur=0.164
traceparent: 00-c08970e2bb1a6e2f3976523169f47282-ce4f9ea53b2df5f8-01
x-dt: 285
x-time-ng: 0.021
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/663-81a4add2f1c95639.js

104.18.39.72

200 OK

373 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/663-81a4add2f1c95639.js
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
373 kB (372954 bytes)
Hash
36e4e2c2a2498b008514f1f0250c8018
cfa53d1c8533fb5941d9ff4f1e45e8c831658693
42cd70d177e33b23f4982b671f4bb7f03a966053874a320af3f3ea7b7b7ca1f0

HTTP Headers

GET /_next/static/chunks/663-81a4add2f1c95639.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 07:06:37 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 28 Mar 2024 06:56:31 GMT
etag: W/"5b0da-18e83d890e3"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 2502291
expires: Sat, 26 Apr 2025 07:06:37 GMT
server: cloudflare
cf-ray: 87a4bb2d9e22569c-OSL
X-Firefox-Spdy: h2

1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/fb98f44e37ba66ce21503d37c8717923.json

178.253.29.47

200 OK

3.3 kB

URL GET HTTP/2
1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/fb98f44e37ba66ce21503d37c8717923.json
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
ASCII text, with very long lines (3653), with no line terminators
Size
3.3 kB (3312 bytes)
Hash
8bc0581ca207c024d54d75ca53390160
62d322fceed2d7d960548e0b2216a814f68c3b31
a97dc7805fc7bb366b277032e2f95d95418bdde4db7837a7ba9b3b18c9e33e95

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/fb98f44e37ba66ce21503d37c8717923.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push; postback_watcher=; platform_type=desktop; auid=sv0dL2YrUnolv+/GAxYvAg==; window_width=1280; che_g=a3f54059-17a6-5c44-ac45-8fe5053b6c2f; SESSION=3e23668a1857fc71d6c8ad32e8a4eb4b; sh.session.id=3533dd67-67c9-4ba7-94be-2d8671679d02; _glhf=1714132972; _ga_7JGWL9SV66=GS1.1.1714115197.1.0.1714115197.60.0.0; _ga=GA1.1.402892344.1714115197; ggru=146
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:37 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Thu, 07 Mar 2024 10:41:59 GMT
etag: W/"becb2e7c22d23ed7b8c378c346c643f1"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.023
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/pages/index-ed7cd77912c6e3a9.js

104.18.39.72

200 OK

107 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/pages/index-ed7cd77912c6e3a9.js
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
107 kB (107186 bytes)
Hash
d0a7ecc59065580118a9ea8880c58962
21573546ac5011592094ef6aea0696ccdeb2164d
e1b09efa81ca44cda394e366b64fbf2b3f0725eab9ad24782839cbb8f66842b5

HTTP Headers

GET /_next/static/chunks/pages/index-ed7cd77912c6e3a9.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 07:06:37 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 24 Apr 2024 22:20:24 GMT
etag: W/"1a2b2-18f12321a97"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 89336
expires: Sat, 26 Apr 2025 07:06:37 GMT
server: cloudflare
cf-ray: 87a4bb2d9e24569c-OSL
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/site-admin/colors/13f2420925687a194e4c38472ae71214.css

185.244.209.62

200 OK

36 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/site-admin/colors/13f2420925687a194e4c38472ae71214.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (36299), with no line terminators
Size
36 kB (36299 bytes)
Hash
4610c92e7697e57d1149e233ef5edab2
534bce5791c8a3f342e7fa8552458f3b45c60ab1
92fefebfb7788539968fe67373e000ba5cdfa9d19b041f3849d38f098b49d222

HTTP Headers

GET /genfiles/site-admin/colors/13f2420925687a194e4c38472ae71214.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:34 GMT
content-type: text/css
last-modified: Fri, 05 Apr 2024 07:40:06 GMT
etag: W/"4610c92e7697e57d1149e233ef5edab2"
content-encoding: gzip
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-ae14e5c26a980108c71d9b2a291075f0-c84bb4d744d9d036-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-05T09:04:13+00:00, 2024-04-26T07:04:08+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/724286ac/_buildManifest.js

104.18.39.72

200 OK

519 B

URL GET HTTP/2
widget.suphelper.top/_next/static/724286ac/_buildManifest.js
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
ASCII text, with very long lines (547), with no line terminators
Size
519 B (519 bytes)
Hash
063abc9f05b28326f5878dcd728ca1f7
321099ea5d4fa6792974fd44503ffb3e75e5c5b0
73109b74c039aec5fc1e3f4e3c2e15585b1ba094f3e8291b0cd67f51b4b830c4

HTTP Headers

GET /_next/static/724286ac/_buildManifest.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 07:06:37 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 24 Apr 2024 22:20:24 GMT
etag: W/"207-18f12321a93"
vary: Accept-Encoding
cf-cache-status: HIT
age: 89336
expires: Sat, 26 Apr 2025 07:06:37 GMT
server: cloudflare
cf-ray: 87a4bb2d9e25569c-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/724286ac/_ssgManifest.js

104.18.39.72

200 OK

77 B

URL GET HTTP/2
widget.suphelper.top/_next/static/724286ac/_ssgManifest.js
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
ASCII text, with no line terminators
Size
77 B (77 bytes)
Hash
b6652df95db52feb4daf4eca35380933
65451d110137761b318c82d9071c042db80c4036
6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e

HTTP Headers

GET /_next/static/724286ac/_ssgManifest.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 07:06:37 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 24 Apr 2024 22:20:24 GMT
etag: W/"4d-18f12321a93"
vary: Accept-Encoding
cf-cache-status: HIT
age: 89327
expires: Sat, 26 Apr 2025 07:06:37 GMT
server: cloudflare
cf-ray: 87a4bb2d9e29569c-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=402892344.1714115197&gtm=45je44o0v897130004za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=206363887

142.250.74.163

200 OK

42 B

URL GET HTTP/2
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=402892344.1714115197&gtm=45je44o0v897130004za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=206363887
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.no
Fingerprint4E:BD:F9:72:97:67:A2:4B:EE:E4:B0:03:CD:C8:F3:30:53:27:53:1D
ValidityMon, 18 Mar 2024 20:50:06 GMT - Mon, 10 Jun 2024 20:50:05 GMT

File type
GIF image data, version 89a, 1 x 1
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=402892344.1714115197&gtm=45je44o0v897130004za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=206363887 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 26 Apr 2024 07:06:37 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

widget.suphelper.top/injector.js

104.18.39.72

200 OK

208 kB

URL GET HTTP/2
widget.suphelper.top/injector.js
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type

Size
208 kB (208506 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /injector.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 07:06:36 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=14400
last-modified: Wed, 24 Apr 2024 22:20:24 GMT
etag: W/"32e7a-18f123218ef"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
expires: Fri, 26 Apr 2024 11:06:36 GMT
server: cloudflare
cf-ray: 87a4bb2aaaf0569c-OSL
X-Firefox-Spdy: h2

radar.cedexis.com/1/23802/radar.js

45.54.49.5

302 Moved Temporarily

390 B

URL GET HTTP/1.1
radar.cedexis.com/1/23802/radar.js
IP
45.54.49.5:443
ASN
#63911 NetActuate, Inc

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerDigiCert Inc
Subjectradar.cedexis.com
Fingerprint33:58:79:8E:87:A5:C3:05:CA:E2:82:50:61:CF:72:83:BD:64:80:C1
ValidityFri, 29 Mar 2024 00:00:00 GMT - Fri, 28 Mar 2025 23:59:59 GMT

File type

Size
390 B (390 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /1/23802/radar.js HTTP/1.1
Host: radar.cedexis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Fri, 26 Apr 2024 07:06:37 GMT
Content-Type: text/html
Content-Length: 154
Connection: keep-alive
Location: /1707728419/stub.js
Expires: Fri, 26 Apr 2024 07:16:37 GMT
Cache-Control: max-age=600
Vary: User-Agent,DNT

1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/9ca5a248842d90707684710c016ea5d2.json

178.253.29.47

200 OK

8.1 kB

URL GET HTTP/2
1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/9ca5a248842d90707684710c016ea5d2.json
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
ASCII text, with very long lines (8926), with no line terminators
Size
8.1 kB (8075 bytes)
Hash
33a8d84b65be76b07b379586ce0f30f4
d3c3a3a7c188444d7c25961a62149b97f9de1725
8cbf747c3e3ffa25baee745930d5855d78ec027e3e0c6e0bc69bfde8bc16aeaa

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/9ca5a248842d90707684710c016ea5d2.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push; postback_watcher=; platform_type=desktop; auid=sv0dL2YrUnolv+/GAxYvAg==; window_width=1280; che_g=a3f54059-17a6-5c44-ac45-8fe5053b6c2f; SESSION=3e23668a1857fc71d6c8ad32e8a4eb4b; sh.session.id=3533dd67-67c9-4ba7-94be-2d8671679d02; _glhf=1714132972; _ga_7JGWL9SV66=GS1.1.1714115197.1.0.1714115197.60.0.0; _ga=GA1.1.402892344.1714115197; ggru=146
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:37 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Wed, 13 Dec 2023 14:46:07 GMT
etag: W/"a60fb63e7c35ba8cdb1d0851ff960b1b"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.378
X-Firefox-Spdy: h2

1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/a01e05cae2f5087d31e3dd580b8c1ce3.json

178.253.29.47

200 OK

14 kB

URL GET HTTP/2
1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/a01e05cae2f5087d31e3dd580b8c1ce3.json
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
14 kB (14236 bytes)
Hash
5f6393bd6febc268d33cb235c7eec194
819eb4409582bcea038e527fd5859dde2d13e0e7
9ae42c0a8d88add1a2d54faab5d819c619cb2a2a1eec7595fe1029a91449efb0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/a01e05cae2f5087d31e3dd580b8c1ce3.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push; postback_watcher=; platform_type=desktop; auid=sv0dL2YrUnolv+/GAxYvAg==; window_width=1280; che_g=a3f54059-17a6-5c44-ac45-8fe5053b6c2f; SESSION=3e23668a1857fc71d6c8ad32e8a4eb4b; sh.session.id=3533dd67-67c9-4ba7-94be-2d8671679d02; _glhf=1714132972; _ga_7JGWL9SV66=GS1.1.1714115197.1.0.1714115197.60.0.0; _ga=GA1.1.402892344.1714115197; ggru=146
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:37 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Tue, 14 Nov 2023 06:21:55 GMT
etag: W/"5f6393bd6febc268d33cb235c7eec194"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.329
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/framework-49f1e091cbf6b261.js

104.18.39.72

200 OK

141 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/framework-49f1e091cbf6b261.js
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
141 kB (140949 bytes)
Hash
896d1930437c1ab92b8a359c1d6fdaae
71e0e23d1af9722f356eb5d1c497d100ec8b0f7a
8c508636d885890bfb5c56bcd6dad1b8b64c498781d351b588a8de7f686774d4

HTTP Headers

GET /_next/static/chunks/framework-49f1e091cbf6b261.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 07:06:37 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 02 Nov 2023 12:45:49 GMT
etag: W/"22695-18b9011853a"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 13489786
expires: Sat, 26 Apr 2025 07:06:37 GMT
server: cloudflare
cf-ray: 87a4bb2d8dea569c-OSL
X-Firefox-Spdy: h2

1xlite-660473.top/web-api/api/v3/bonuses/first-deposit

178.253.29.47

200 OK

426 B

URL GET HTTP/2
1xlite-660473.top/web-api/api/v3/bonuses/first-deposit
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (464), with no line terminators
Size
426 B (426 bytes)
Hash
2d9b04c0ee3ec015e9094ce942ed9139
eebc58e94d15401f9c6737a4908018fd833d94ee
dea4bd3b63fac017709162cd44048f725c21396da41d2cfdc235812fcf2eb6fc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/api/v3/bonuses/first-deposit HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push; postback_watcher=; platform_type=desktop; auid=sv0dL2YrUnolv+/GAxYvAg==; window_width=1280; che_g=a3f54059-17a6-5c44-ac45-8fe5053b6c2f; SESSION=3e23668a1857fc71d6c8ad32e8a4eb4b
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:36 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: p;dur=20, dt_total;dur=21.621, wf-uht;dur=0.036
traceparent: 00-5bcd4cb2b06d74cfcf3297505d2f8033-e3f631a91af7b28c-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.021
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/0c294a17-329dda05de2a378d.js

104.18.39.72

200 OK

10 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/0c294a17-329dda05de2a378d.js
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (10533), with no line terminators
Size
10 kB (10533 bytes)
Hash
54b2d4e92e16d2ea51898124107af46a
ab4225b696e63c9040de1511fa229cf65b4d3750
e17ccea95df87c35add9994b01ef7bb6e8b5c2ebea282c461199a140a5675662

HTTP Headers

GET /_next/static/chunks/0c294a17-329dda05de2a378d.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 07:06:37 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 17 Jan 2024 06:19:55 GMT
etag: W/"2925-18d161388b8"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 8642600
expires: Sat, 26 Apr 2025 07:06:37 GMT
server: cloudflare
cf-ray: 87a4bb2d9e1d569c-OSL
X-Firefox-Spdy: h2

v3.traincdn.com/sys-icons/1.0.328/285/country.svg

185.244.209.62

200 OK

178 kB

URL GET HTTP/2
v3.traincdn.com/sys-icons/1.0.328/285/country.svg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
178 kB (178404 bytes)
Hash
60caf0d666af828706b3d83c428a31e4
0f687988f8e835cb514794a4dbf7bb98613865f2
493ff1845dd1167680740cc525f4fb69ecdc4332265e83e76c26296a5001a602

HTTP Headers

GET /sys-icons/1.0.328/285/country.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:37 GMT
content-type: image/svg+xml
last-modified: Mon, 15 Apr 2024 07:13:32 GMT
etag: W/"60caf0d666af828706b3d83c428a31e4"
x-amz-meta-mtime: 1713165210.217888091
content-encoding: gzip
expires: Tue, 23 Apr 2024 10:38:03 GMT
cache-control: max-age=86400
x-time-ng: 0.003
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-33d8db0214846000c5be3a8c82d39133-2ad1993b5636b755-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-22T10:38:03+00:00, 2024-04-25T11:01:26+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

refpamjeql.top/L?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push&site=1249669&ad=2896&r=registration/

45.135.120.31

303 See Other

646 kB

URL User Request GET HTTP/2
refpamjeql.top/L?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push&site=1249669&ad=2896&r=registration/
IP
45.135.120.31:443
ASN
#56630 Melbikomas UAB

Certificate
IssuerLet's Encrypt
Subjectrefpamjeql.top
FingerprintFC:88:DE:71:6D:05:6E:E3:EE:1A:CD:0C:3E:A8:AE:CF:14:81:D1:40
ValidityMon, 25 Mar 2024 05:16:41 GMT - Sun, 23 Jun 2024 05:16:40 GMT

File type

Size
646 kB (645939 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /L?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push&site=1249669&ad=2896&r=registration/ HTTP/1.1
Host: refpamjeql.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 303 See Other
server: nginx
date: Fri, 26 Apr 2024 07:06:33 GMT
cache-control: private
location: https://1xlite-660473.top:443/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
x-aspnetmvc-version: 5.0
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.004
X-Firefox-Spdy: h2

1xlite-660473.top/hd-api/external/api/web/v1/converslon/load

178.253.29.47

200 OK

34 kB

URL GET HTTP/2
1xlite-660473.top/hd-api/external/api/web/v1/converslon/load
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
34 kB (34509 bytes)
Hash
f9e84c9a4c0e30e9936b49c1c7ef792a
a213a7f54a2bd8fe0776a5bde3af1c72a0319357
b2df60f35df5f9273cece8f78d706d49c315afdc0e14ca6f849109ad5867b357

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hd-api/external/api/web/v1/converslon/load HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?type=fast
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push; platform_type=desktop; auid=sv0dL2YrUnolv+/GAxYvAg==; window_width=1280; che_g=a3f54059-17a6-5c44-ac45-8fe5053b6c2f; SESSION=3e23668a1857fc71d6c8ad32e8a4eb4b; sh.session.id=3533dd67-67c9-4ba7-94be-2d8671679d02; _glhf=1714132972; _ga_7JGWL9SV66=GS1.1.1714115197.1.1.1714115198.59.0.0; _ga=GA1.1.402892344.1714115197; ggru=146
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:44 GMT
content-type: application/json
content-encoding: gzip
traceparent: 00-68c564b4d4a62497804f00ed344a003a-0bbb021d247f8144-01
vary: Accept-Encoding
x-dt: 285
x-request-guid: f51c9d56b652b06a4b54aea3d3445e4d
x-time-ng: 0.008
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=22.153, wf-uht;dur=0.030
X-Firefox-Spdy: h2

1xlite-660473.top/web-api/api/web/v1/config/actualDomain

178.253.29.47

200 OK

269 B

URL GET HTTP/2
1xlite-660473.top/web-api/api/web/v1/config/actualDomain
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
ASCII text, with very long lines (309), with no line terminators
Size
269 B (269 bytes)
Hash
6469b5c07a262f60f11e004ac72262b1
978ec0042baae49cb3bc8a7882055ec9a053e522
459c4cead3579c67475b231f8d8e21e599e27ecf8108d8ba29dd10a558b43f53

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/api/web/v1/config/actualDomain HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push; postback_watcher=; platform_type=desktop; auid=sv0dL2YrUnolv+/GAxYvAg==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:35 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=55, dt_total;dur=72.069, wf-uht;dur=0.080
set-cookie: SESSION=3e23668a1857fc71d6c8ad32e8a4eb4b; path=/; secure; HttpOnly; SameSite=Lax
ua=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
traceparent: 00-42f15547c817e92da75957aadda6b8cf-6aaf02318571ff3d-01
x-dt: 285
x-time-ng: 0.063
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/sys-icons/1.0.328/285/bonus.svg

185.244.209.62

200 OK

16 kB

URL GET HTTP/2
v3.traincdn.com/sys-icons/1.0.328/285/bonus.svg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
16 kB (16347 bytes)
Hash
5dfc9cb3b4b0fdaa0ca8f0bebfaf0a6e
26203d2e2202d3235df633980f2ff038142c7a56
79196fff489b0c355e20bb232694b9df71bc6a4a905cb9018afdce4d7eb0ee30

HTTP Headers

GET /sys-icons/1.0.328/285/bonus.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:37 GMT
content-type: image/svg+xml
last-modified: Mon, 15 Apr 2024 07:13:32 GMT
etag: W/"5dfc9cb3b4b0fdaa0ca8f0bebfaf0a6e"
x-amz-meta-mtime: 1713165210.217888091
content-encoding: gzip
expires: Tue, 23 Apr 2024 10:38:29 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-5b9083904f43233c9f3f4c26d6982100-f4a209b3126ff4b1-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-22T10:38:29+00:00, 2024-04-25T12:20:32+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/7c43e6fa10d0665cf556d13ff2a1906d.svg

185.244.209.62

200 OK

1.2 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/7c43e6fa10d0665cf556d13ff2a1906d.svg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
1.2 kB (1232 bytes)
Hash
a436db0af736498349f0127d8e7fab1e
b07e2c449cf16ddb052ce40d881db13a0c890b9b
93261a519c1cea62e2c934496d5e0cbd1cbc8f65b4961811316e55d9e7c96ede

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/7c43e6fa10d0665cf556d13ff2a1906d.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:34 GMT
content-type: image/svg+xml
last-modified: Tue, 02 May 2023 10:06:49 GMT
etag: W/"7cca3986f7a5c4c164144ff11df71073"
content-encoding: gzip
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-c9d8ae4a6094ec16badfbef5c5f5d066-162f44aed5f59fe3-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-01-11T08:32:05+00:00, 2024-04-26T06:30:37+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/ff267c5c.css

185.244.209.62

200 OK

7.0 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/ff267c5c.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (7006), with no line terminators
Size
7.0 kB (7000 bytes)
Hash
522d7d5f86a1754eb7f6b6297bdb391f
5b299d090cc4af5b0f7f56a36072e8ae8ed6c45a
3afe3e2cc826264cde82bf7f1102b65ebce448dcec42e14eab6489ee36fc3687

HTTP Headers

GET /_nuxt/desktop/default/css/ff267c5c.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:36 GMT
content-type: text/css
content-length: 1486
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-5ce"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:33:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-583f74468f05eb20b0c8c3f01a6b38fa-03a6774cd8555afb-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:33:18+00:00, 2024-04-25T16:12:56+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/7ed46ee2457f0198b31a2f0e27129049.json

178.253.29.47

200 OK

1.0 kB

URL GET HTTP/2
1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/7ed46ee2457f0198b31a2f0e27129049.json
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
ASCII text, with very long lines (1143), with no line terminators
Size
1.0 kB (1046 bytes)
Hash
533208f94c3264028f9329b6fbb58515
3f0caf33232924706c8a783e08d747ed9107826b
6fa6b3635c5a9a1e019c99d1d217f74a8aba28d8ffd260db817ef1079644a7b5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/7ed46ee2457f0198b31a2f0e27129049.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_1249669m_2896c_%5B%5DMS%5B%5Dnull%5B%5Dreg%5B%5Dgeneral%5B%5D17300_d60291_l71062_push; postback_watcher=; platform_type=desktop; auid=sv0dL2YrUnolv+/GAxYvAg==; window_width=1280; che_g=a3f54059-17a6-5c44-ac45-8fe5053b6c2f; SESSION=3e23668a1857fc71d6c8ad32e8a4eb4b; sh.session.id=3533dd67-67c9-4ba7-94be-2d8671679d02; _glhf=1714132972; _ga_7JGWL9SV66=GS1.1.1714115197.1.0.1714115197.60.0.0; _ga=GA1.1.402892344.1714115197; ggru=146
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:37 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Mon, 26 Jun 2023 07:10:34 GMT
etag: W/"f117f2ecd3a10db0e2d79159b68fcf2f"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.333
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Registration.Fields-3ce6506f.js

185.244.209.62

200 OK

40 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/Registration.Fields-3ce6506f.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en/registration?tag=d_1249669m_2896c_[]MS[]null[]reg[]general[]17300_d60291_l71062_push
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (39925), with no line terminators
Size
40 kB (39925 bytes)
Hash
681145f0441284174ef426e56941290b
6e6844a39c0a7b28cd162391753ac6429a576728
a9b554dc85ad806c70c5a650600b4c39ea900812543992e8aa761b779600c3bb

HTTP Headers

GET /_nuxt/desktop/default/vendors/Registration.Fields-3ce6506f.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:06:37 GMT
content-type: application/javascript; charset=utf-8
content-length: 8875
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-22ab"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:43 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-9010ab2eb514bc1db115d59cf77744ca-3b60c9c8a88a1066-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:43+00:00, 2024-04-25T14:51:48+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (56)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML